Ticket #19125: VBoxHardening.log

File VBoxHardening.log, 391.5 KB (added by kotenok2000, 5 years ago)

Line
1	1b98.b54: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000090 g_uNtVerCombined=0xa047bb00
2	1b98.b54: \SystemRoot\System32\ntdll.dll:
3	1b98.b54: CreationTime: 2019-10-09T07:15:15.782952500Z
4	1b98.b54: LastWriteTime: 2019-10-09T07:15:16.191946200Z
5	1b98.b54: ChangeTime: 2019-11-12T21:16:16.798042000Z
6	1b98.b54: FileAttributes: 0x820
7	1b98.b54: Size: 0x1e8528
8	1b98.b54: NT Headers: 0xd8
9	1b98.b54: Timestamp: 0x99ca0526
10	1b98.b54: Machine: 0x8664 - amd64
11	1b98.b54: Timestamp: 0x99ca0526
12	1b98.b54: Image Version: 10.0
13	1b98.b54: SizeOfImage: 0x1f0000 (2031616)
14	1b98.b54: Resource Dir: 0x17f000 LB 0x6f310
15	1b98.b54: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16	1b98.b54: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17	1b98.b54: ProductName: Microsoft® Windows® Operating System
18	1b98.b54: ProductVersion: 10.0.18362.418
19	1b98.b54: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
20	1b98.b54: FileDescription: NT Layer DLL
21	1b98.b54: \SystemRoot\System32\kernel32.dll:
22	1b98.b54: CreationTime: 2019-09-06T08:50:11.805475900Z
23	1b98.b54: LastWriteTime: 2019-09-06T08:50:12.063263600Z
24	1b98.b54: ChangeTime: 2019-11-12T21:14:43.929620400Z
25	1b98.b54: FileAttributes: 0x820
26	1b98.b54: Size: 0xb0570
27	1b98.b54: NT Headers: 0xe8
28	1b98.b54: Timestamp: 0xd0cecc10
29	1b98.b54: Machine: 0x8664 - amd64
30	1b98.b54: Timestamp: 0xd0cecc10
31	1b98.b54: Image Version: 10.0
32	1b98.b54: SizeOfImage: 0xb2000 (729088)
33	1b98.b54: Resource Dir: 0xb0000 LB 0x520
34	1b98.b54: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35	1b98.b54: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36	1b98.b54: ProductName: Microsoft® Windows® Operating System
37	1b98.b54: ProductVersion: 10.0.18362.329
38	1b98.b54: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
39	1b98.b54: FileDescription: Windows NT BASE API Client DLL
40	1b98.b54: \SystemRoot\System32\KernelBase.dll:
41	1b98.b54: CreationTime: 2019-11-12T21:02:18.696374500Z
42	1b98.b54: LastWriteTime: 2019-11-12T21:02:19.515375500Z
43	1b98.b54: ChangeTime: 2019-11-13T01:07:03.500085800Z
44	1b98.b54: FileAttributes: 0x20
45	1b98.b54: Size: 0x2a2908
46	1b98.b54: NT Headers: 0xf0
47	1b98.b54: Timestamp: 0x83c3d83a
48	1b98.b54: Machine: 0x8664 - amd64
49	1b98.b54: Timestamp: 0x83c3d83a
50	1b98.b54: Image Version: 10.0
51	1b98.b54: SizeOfImage: 0x2a3000 (2764800)
52	1b98.b54: Resource Dir: 0x27d000 LB 0x548
53	1b98.b54: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54	1b98.b54: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55	1b98.b54: ProductName: Microsoft® Windows® Operating System
56	1b98.b54: ProductVersion: 10.0.18362.476
57	1b98.b54: FileVersion: 10.0.18362.476 (WinBuild.160101.0800)
58	1b98.b54: FileDescription: Windows NT BASE API Client DLL
59	1b98.b54: \SystemRoot\System32\apisetschema.dll:
60	1b98.b54: CreationTime: 2019-03-19T04:43:54.837151500Z
61	1b98.b54: LastWriteTime: 2019-10-23T09:58:34.870639900Z
62	1b98.b54: ChangeTime: 2019-11-12T21:14:42.081621100Z
63	1b98.b54: FileAttributes: 0x20
64	1b98.b54: Size: 0x1d028
65	1b98.b54: NT Headers: 0xc8
66	1b98.b54: Timestamp: 0xd6ced080
67	1b98.b54: Machine: 0x8664 - amd64
68	1b98.b54: Timestamp: 0xd6ced080
69	1b98.b54: Image Version: 10.0
70	1b98.b54: SizeOfImage: 0x1e000 (122880)
71	1b98.b54: Resource Dir: 0x1d000 LB 0x408
72	1b98.b54: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73	1b98.b54: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74	1b98.b54: ProductName: Microsoft® Windows® Operating System
75	1b98.b54: ProductVersion: 10.0.18362.1
76	1b98.b54: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
77	1b98.b54: FileDescription: ApiSet Schema DLL
78	1b98.b54: Found driver mbamswissarmy (0x80)
79	1b98.b54: supR3HardenedWinFindAdversaries: 0x80
80	1b98.b54: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
81	1b98.b54: CreationTime: 2019-07-14T23:08:00.417005100Z
82	1b98.b54: LastWriteTime: 2019-10-23T09:14:30.733490000Z
83	1b98.b54: ChangeTime: 2019-10-23T09:14:30.733490000Z
84	1b98.b54: FileAttributes: 0x20
85	1b98.b54: Size: 0x43320
86	1b98.b54: NT Headers: 0xf8
87	1b98.b54: Timestamp: 0x5c9e68f9
88	1b98.b54: Machine: 0x8664 - amd64
89	1b98.b54: Timestamp: 0x5c9e68f9
90	1b98.b54: Image Version: 10.0
91	1b98.b54: SizeOfImage: 0x45000 (282624)
92	1b98.b54: Resource Dir: 0x43000 LB 0x3b8
93	1b98.b54: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94	1b98.b54: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
95	1b98.b54: ProductName: Malwarebytes SwissArmy
96	1b98.b54: ProductVersion: 4.3.0.170
97	1b98.b54: FileVersion: 4.3.0.170
98	1b98.b54: FileDescription: Malwarebytes SwissArmy
99	1b98.b54: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
100	1b98.b54: Calling main()
101	1b98.b54: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
102	1b98.b54: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
103	1b98.b54: SUPR3HardenedMain: Respawn #1
104	1b98.b54: System32: \Device\HarddiskVolume2\Windows\System32
105	1b98.b54: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
106	1b98.b54: KnownDllPath: C:\WINDOWS\System32
107	1b98.b54: supR3HardenedWinInit: Performing a limited self purification...
108	1b98.b54: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
109	1b98.b54: *0000000000000000-00000000001affff 0x0001/0x0000 0x0000000
110	1b98.b54: *00000000001b0000-00000000001bffff 0x0004/0x0004 0x0040000
111	1b98.b54: 00000000001c0000-00000000001cffff 0x0001/0x0000 0x0000000
112	1b98.b54: *00000000001d0000-00000000001eafff 0x0002/0x0002 0x0040000
113	1b98.b54: 00000000001eb000-00000000001effff 0x0001/0x0000 0x0000000
114	1b98.b54: *00000000001f0000-00000000001f3fff 0x0002/0x0002 0x0040000
115	1b98.b54: 00000000001f4000-00000000001fffff 0x0001/0x0000 0x0000000
116	1b98.b54: *0000000000200000-0000000000373fff 0x0000/0x0004 0x0020000
117	1b98.b54: 0000000000374000-0000000000376fff 0x0004/0x0004 0x0020000
118	1b98.b54: 0000000000377000-00000000003fffff 0x0000/0x0004 0x0020000
119	1b98.b54: *0000000000400000-00000000004b0fff 0x0000/0x0004 0x0020000
120	1b98.b54: 00000000004b1000-00000000004b3fff 0x0104/0x0004 0x0020000
121	1b98.b54: 00000000004b4000-00000000004fffff 0x0004/0x0004 0x0020000
122	1b98.b54: *0000000000500000-0000000000501fff 0x0004/0x0004 0x0020000
123	1b98.b54: 0000000000502000-000000000050ffff 0x0001/0x0000 0x0000000
124	1b98.b54: *0000000000510000-00000000005d6fff 0x0002/0x0002 0x0040000
125	1b98.b54: 00000000005d7000-00000000005dffff 0x0001/0x0000 0x0000000
126	1b98.b54: *00000000005e0000-00000000005e1fff 0x0004/0x0004 0x0020000
127	1b98.b54: 00000000005e2000-0000000000611fff 0x0000/0x0004 0x0020000
128	1b98.b54: 0000000000612000-000000000062ffff 0x0001/0x0000 0x0000000
129	1b98.b54: *0000000000630000-000000000063efff 0x0004/0x0004 0x0020000
130	1b98.b54: 000000000063f000-000000000063ffff 0x0000/0x0004 0x0020000
131	1b98.b54: 0000000000640000-000000000069ffff 0x0001/0x0000 0x0000000
132	1b98.b54: *00000000006a0000-00000000006a9fff 0x0004/0x0004 0x0020000
133	1b98.b54: 00000000006aa000-000000000079ffff 0x0000/0x0004 0x0020000
134	1b98.b54: *00000000007a0000-00000000007a3fff 0x0000/0x0004 0x0020000
135	1b98.b54: 00000000007a4000-0000000000994fff 0x0004/0x0004 0x0020000
136	1b98.b54: 0000000000995000-0000000000995fff 0x0000/0x0004 0x0020000
137	1b98.b54: 0000000000996000-000000000099ffff 0x0001/0x0000 0x0000000
138	1b98.b54: *00000000009a0000-00000000009bcfff 0x0004/0x0004 0x0020000
139	1b98.b54: 00000000009bd000-0000000000a9ffff 0x0000/0x0004 0x0020000
140	1b98.b54: 0000000000aa0000-000000007ffdffff 0x0001/0x0000 0x0000000
141	1b98.b54: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
142	1b98.b54: 000000007ffe1000-00007ff4f009ffff 0x0001/0x0000 0x0000000
143	1b98.b54: *00007ff4f00a0000-00007ff4f00a4fff 0x0002/0x0002 0x0040000
144	1b98.b54: 00007ff4f00a5000-00007ff4f019ffff 0x0000/0x0002 0x0040000
145	1b98.b54: *00007ff4f01a0000-00007ff5f01bffff 0x0000/0x0004 0x0020000
146	1b98.b54: *00007ff5f01c0000-00007ff5f21bffff 0x0000/0x0004 0x0020000
147	1b98.b54: 00007ff5f21c0000-00007ff5f21c0fff 0x0004/0x0004 0x0020000
148	1b98.b54: 00007ff5f21c1000-00007ff5f21cffff 0x0001/0x0000 0x0000000
149	1b98.b54: *00007ff5f21d0000-00007ff5f21d0fff 0x0002/0x0002 0x0040000
150	1b98.b54: 00007ff5f21d1000-00007ff5f21dffff 0x0001/0x0000 0x0000000
151	1b98.b54: *00007ff5f21e0000-00007ff5f2202fff 0x0002/0x0002 0x0040000
152	1b98.b54: 00007ff5f2203000-00007ff74789ffff 0x0001/0x0000 0x0000000
153	1b98.b54: *00007ff7478a0000-00007ff7478a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
154	1b98.b54: 00007ff7478a1000-00007ff747915fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
155	1b98.b54: 00007ff747916000-00007ff747916fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
156	1b98.b54: 00007ff747917000-00007ff74795efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
157	1b98.b54: 00007ff74795f000-00007ff747961fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
158	1b98.b54: 00007ff747962000-00007ff747964fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
159	1b98.b54: 00007ff747965000-00007ff747967fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
160	1b98.b54: 00007ff747968000-00007ff747968fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
161	1b98.b54: 00007ff747969000-00007ff74796afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
162	1b98.b54: 00007ff74796b000-00007ff74796bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
163	1b98.b54: 00007ff74796c000-00007ff7479b4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
164	1b98.b54: 00007ff7479b5000-00007ff933e8ffff 0x0001/0x0000 0x0000000
165	1b98.b54: *00007ff933e90000-00007ff933e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
166	1b98.b54: 00007ff933e91000-00007ff933eddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
167	1b98.b54: 00007ff933ede000-00007ff933efffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
168	1b98.b54: 00007ff933f00000-00007ff933f02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
169	1b98.b54: 00007ff933f03000-00007ff933f1efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apphelp.dll
170	1b98.b54: 00007ff933f1f000-00007ff9368bffff 0x0001/0x0000 0x0000000
171	1b98.b54: *00007ff9368c0000-00007ff9368c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
172	1b98.b54: 00007ff9368c1000-00007ff9369c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
173	1b98.b54: 00007ff9369c6000-00007ff936b27fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
174	1b98.b54: 00007ff936b28000-00007ff936b2bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
175	1b98.b54: 00007ff936b2c000-00007ff936b2cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
176	1b98.b54: 00007ff936b2d000-00007ff936b62fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
177	1b98.b54: 00007ff936b63000-00007ff93932ffff 0x0001/0x0000 0x0000000
178	1b98.b54: *00007ff939330000-00007ff939330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
179	1b98.b54: 00007ff939331000-00007ff9393a5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
180	1b98.b54: 00007ff9393a6000-00007ff9393d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
181	1b98.b54: 00007ff9393d8000-00007ff9393d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
182	1b98.b54: 00007ff9393d9000-00007ff9393d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
183	1b98.b54: 00007ff9393da000-00007ff9393e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
184	1b98.b54: 00007ff9393e2000-00007ff93971ffff 0x0001/0x0000 0x0000000
185	1b98.b54: *00007ff939720000-00007ff939720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
186	1b98.b54: 00007ff939721000-00007ff939837fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
187	1b98.b54: 00007ff939838000-00007ff93987efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
188	1b98.b54: 00007ff93987f000-00007ff93987ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
189	1b98.b54: 00007ff939880000-00007ff939881fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
190	1b98.b54: 00007ff939882000-00007ff93988afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
191	1b98.b54: 00007ff93988b000-00007ff93990ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
192	1b98.b54: 00007ff939910000-00007ffffffeffff 0x0001/0x0000 0x0000000
193	1b98.b54: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
194	1b98.b54: kernelbase.dll: timestamp 0x83c3d83a (rc=VINF_SUCCESS)
195	1b98.b54: apphelp.dll: timestamp 0xff74693c (rc=VINF_SUCCESS)
196	1b98.b54: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
197	1b98.b54: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
198	1b98.b54: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
199	1b98.b54: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
200	1b98.b54: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
201	1b98.b54: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
202	1b98.b54: 00007ff933edfe98 / 0x004fe98: 60 != e0
203	1b98.b54: 00007ff933edfe99 / 0x004fe99: e1 != ed
204	1b98.b54: 00007ff933edfe9a / 0x004fe9a: 93 != 34
205	1b98.b54: 00007ff933edfe9b / 0x004fe9b: 36 != 39
206	1b98.b54: 00007ff933edfea0 / 0x004fea0: 00 != 50
207	1b98.b54: 00007ff933edfea1 / 0x004fea1: 0a != 5e
208	1b98.b54: 00007ff933edfea2 / 0x004fea2: 91 != 34
209	1b98.b54: 00007ff933edfea3 / 0x004fea3: 36 != 39
210	1b98.b54: 00007ff933edfea8 / 0x004fea8: d0 != b0
211	1b98.b54: 00007ff933edfea9 / 0x004fea9: 47 != 1d
212	1b98.b54: 00007ff933edfeaa / 0x004feaa: 92 != 35
213	1b98.b54: 00007ff933edfeab / 0x004feab: 36 != 39
214	1b98.b54: 00007ff933edfeb0 / 0x004feb0: 20 != 50
215	1b98.b54: 00007ff933edfeb1 / 0x004feb1: a7 != b7
216	1b98.b54: 00007ff933edfeb2 / 0x004feb2: 92 != 34
217	1b98.b54: 00007ff933edfeb3 / 0x004feb3: 36 != 39
218	1b98.b54: 00007ff933edfeb8 / 0x004feb8: 90 != c0
219	1b98.b54: 00007ff933edfeb9 / 0x004feb9: 22 != 1d
220	1b98.b54: 00007ff933edfeba / 0x004feba: 92 != 35
221	1b98.b54: 00007ff933edfebb / 0x004febb: 36 != 39
222	1b98.b54: 00007ff933edfec0 / 0x004fec0: 60 != 40
223	1b98.b54: 00007ff933edfec1 / 0x004fec1: bc != be
224	1b98.b54: 00007ff933edfec2 / 0x004fec2: 91 != 34
225	1b98.b54: 00007ff933edfec3 / 0x004fec3: 36 != 39
226	1b98.b54: 00007ff933edfec8 / 0x004fec8: 80 != 60
227	1b98.b54: 00007ff933edfec9 / 0x004fec9: 66 != a1
228	1b98.b54: 00007ff933edfeca / 0x004feca: 92 != 34
229	1b98.b54: 00007ff933edfecb / 0x004fecb: 36 != 39
230	1b98.b54: 00007ff933edfed8 / 0x004fed8: c0 != a0
231	1b98.b54: 00007ff933edfed9 / 0x004fed9: 72 != a1
232	1b98.b54: 00007ff933edfeda / 0x004feda: 8e != 34
233	1b98.b54: 00007ff933edfedb / 0x004fedb: 36 != 39
234	1b98.b54: Restored 0x2000 bytes of original file content at 00007ff933ede000
235	1b98.b54: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
236	1b98.b54: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
237	1b98.b54: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
238	1b98.b54: supR3HardNtEnableThreadCreationEx:
239	1b98.b54: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9397917f0 pvNtTerminateThread=00007ff9397bcb10
240	1b98.b54: supR3HardenedWinDoReSpawn(1): New child 1c54.1028 [kernel32].
241	1b98.b54: supR3HardNtChildGatherData: PebBaseAddress=00000000004ba000 cbPeb=0x388
242	1b98.b54: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff939720000 uNtDllChildAddr=00007ff939720000
243	1b98.b54: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9397917f0
244	1b98.b54: supR3HardenedWinSetupChildInit: Start child.
245	1b98.b54: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
246	1b98.b54: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 57 sleeps
247	1b98.b54: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
248	1b98.b54: *0000000000000000-000000000023ffff 0x0001/0x0000 0x0000000
249	1b98.b54: *0000000000240000-000000000025ffff 0x0004/0x0004 0x0020000
250	1b98.b54: *0000000000260000-000000000027afff 0x0002/0x0002 0x0040000
251	1b98.b54: 000000000027b000-000000000027ffff 0x0001/0x0000 0x0000000
252	1b98.b54: *0000000000280000-000000000037afff 0x0000/0x0004 0x0020000
253	1b98.b54: 000000000037b000-000000000037dfff 0x0104/0x0004 0x0020000
254	1b98.b54: 000000000037e000-000000000037ffff 0x0004/0x0004 0x0020000
255	1b98.b54: *0000000000380000-0000000000383fff 0x0002/0x0002 0x0040000
256	1b98.b54: 0000000000384000-000000000038ffff 0x0001/0x0000 0x0000000
257	1b98.b54: *0000000000390000-0000000000391fff 0x0004/0x0004 0x0020000
258	1b98.b54: 0000000000392000-00000000003fffff 0x0001/0x0000 0x0000000
259	1b98.b54: *0000000000400000-00000000004b9fff 0x0000/0x0004 0x0020000
260	1b98.b54: 00000000004ba000-00000000004bcfff 0x0004/0x0004 0x0020000
261	1b98.b54: 00000000004bd000-00000000005fffff 0x0000/0x0004 0x0020000
262	1b98.b54: 0000000000600000-000000007ffdffff 0x0001/0x0000 0x0000000
263	1b98.b54: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
264	1b98.b54: 000000007ffe1000-00007ff5b60affff 0x0001/0x0000 0x0000000
265	1b98.b54: *00007ff5b60b0000-00007ff5b60b0fff 0x0002/0x0002 0x0040000
266	1b98.b54: 00007ff5b60b1000-00007ff5b60bffff 0x0001/0x0000 0x0000000
267	1b98.b54: *00007ff5b60c0000-00007ff5b60e2fff 0x0002/0x0002 0x0040000
268	1b98.b54: 00007ff5b60e3000-00007ff74789ffff 0x0001/0x0000 0x0000000
269	1b98.b54: *00007ff7478a0000-00007ff7478a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
270	1b98.b54: 00007ff7478a1000-00007ff747915fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
271	1b98.b54: 00007ff747916000-00007ff747916fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
272	1b98.b54: 00007ff747917000-00007ff74795efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
273	1b98.b54: 00007ff74795f000-00007ff74795ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
274	1b98.b54: 00007ff747960000-00007ff747960fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
275	1b98.b54: 00007ff747961000-00007ff747965fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
276	1b98.b54: 00007ff747966000-00007ff747966fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
277	1b98.b54: 00007ff747967000-00007ff747967fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
278	1b98.b54: 00007ff747968000-00007ff74796bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
279	1b98.b54: 00007ff74796c000-00007ff7479b4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
280	1b98.b54: 00007ff7479b5000-00007ff93971ffff 0x0001/0x0000 0x0000000
281	1b98.b54: *00007ff939720000-00007ff939720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
282	1b98.b54: 00007ff939721000-00007ff939837fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
283	1b98.b54: 00007ff939838000-00007ff93987efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
284	1b98.b54: 00007ff93987f000-00007ff93988afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
285	1b98.b54: 00007ff93988b000-00007ff939899fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
286	1b98.b54: 00007ff93989a000-00007ff93989afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
287	1b98.b54: 00007ff93989b000-00007ff93989dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
288	1b98.b54: 00007ff93989e000-00007ff93990ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
289	1b98.b54: 00007ff939910000-00007ffffffeffff 0x0001/0x0000 0x0000000
290	1b98.b54: supR3HardNtChildPurify: Done after 667 ms and 0 fixes (loop #0).
291	1c54.1028: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
292	1b98.b54: supR3HardNtEnableThreadCreationEx:
293	1c54.1028: supR3HardenedVmProcessInit: uNtDllAddr=00007ff939720000 g_uNtVerCombined=0xa047bb00
294	1c54.1028: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
295	1c54.1028: New simple heap: #1 0000000000700000 LB 0x400000 (for 2031616 allocation)
296	1c54.1028: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
297	1c54.1028: System32: \Device\HarddiskVolume2\Windows\System32
298	1c54.1028: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
299	1c54.1028: KnownDllPath: C:\WINDOWS\System32
300	1c54.1028: supR3HardenedVmProcessInit: Opening vboxdrv stub...
301	1c54.1028: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
302	1c54.1028: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
303	1c54.1028: Registered Dll notification callback with NTDLL.
304	1c54.1028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
305	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
306	1c54.1028: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
307	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff9368c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
308	1c54.1028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
309	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
310	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff939330000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
311	1c54.1028: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
312	1c54.1028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939330000 'C:\WINDOWS\System32\KERNEL32.DLL'
313	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff7478a0000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
314	1c54.1028: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
315	1c54.1028: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
316	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
317	1c54.1028: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9397917f0 pvNtTerminateThread=00007ff9397bcb10
318	1b98.b54: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 202 ms.
319	1c54.1028: \SystemRoot\System32\ntdll.dll:
320	1c54.1028: CreationTime: 2019-10-09T07:15:15.782952500Z
321	1c54.1028: LastWriteTime: 2019-10-09T07:15:16.191946200Z
322	1c54.1028: ChangeTime: 2019-11-12T21:16:16.798042000Z
323	1c54.1028: FileAttributes: 0x820
324	1c54.1028: Size: 0x1e8528
325	1c54.1028: NT Headers: 0xd8
326	1c54.1028: Timestamp: 0x99ca0526
327	1c54.1028: Machine: 0x8664 - amd64
328	1c54.1028: Timestamp: 0x99ca0526
329	1c54.1028: Image Version: 10.0
330	1c54.1028: SizeOfImage: 0x1f0000 (2031616)
331	1c54.1028: Resource Dir: 0x17f000 LB 0x6f310
332	1c54.1028: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
333	1c54.1028: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
334	1c54.1028: ProductName: Microsoft® Windows® Operating System
335	1c54.1028: ProductVersion: 10.0.18362.418
336	1c54.1028: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
337	1c54.1028: FileDescription: NT Layer DLL
338	1c54.1028: \SystemRoot\System32\kernel32.dll:
339	1c54.1028: CreationTime: 2019-09-06T08:50:11.805475900Z
340	1c54.1028: LastWriteTime: 2019-09-06T08:50:12.063263600Z
341	1c54.1028: ChangeTime: 2019-11-12T21:14:43.929620400Z
342	1c54.1028: FileAttributes: 0x820
343	1c54.1028: Size: 0xb0570
344	1c54.1028: NT Headers: 0xe8
345	1c54.1028: Timestamp: 0xd0cecc10
346	1c54.1028: Machine: 0x8664 - amd64
347	1c54.1028: Timestamp: 0xd0cecc10
348	1c54.1028: Image Version: 10.0
349	1c54.1028: SizeOfImage: 0xb2000 (729088)
350	1c54.1028: Resource Dir: 0xb0000 LB 0x520
351	1c54.1028: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352	1c54.1028: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
353	1c54.1028: ProductName: Microsoft® Windows® Operating System
354	1c54.1028: ProductVersion: 10.0.18362.329
355	1c54.1028: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
356	1c54.1028: FileDescription: Windows NT BASE API Client DLL
357	1c54.1028: \SystemRoot\System32\KernelBase.dll:
358	1c54.1028: CreationTime: 2019-11-12T21:02:18.696374500Z
359	1c54.1028: LastWriteTime: 2019-11-12T21:02:19.515375500Z
360	1c54.1028: ChangeTime: 2019-11-13T01:07:03.500085800Z
361	1c54.1028: FileAttributes: 0x20
362	1c54.1028: Size: 0x2a2908
363	1c54.1028: NT Headers: 0xf0
364	1c54.1028: Timestamp: 0x83c3d83a
365	1c54.1028: Machine: 0x8664 - amd64
366	1c54.1028: Timestamp: 0x83c3d83a
367	1c54.1028: Image Version: 10.0
368	1c54.1028: SizeOfImage: 0x2a3000 (2764800)
369	1c54.1028: Resource Dir: 0x27d000 LB 0x548
370	1c54.1028: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
371	1c54.1028: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
372	1c54.1028: ProductName: Microsoft® Windows® Operating System
373	1c54.1028: ProductVersion: 10.0.18362.476
374	1c54.1028: FileVersion: 10.0.18362.476 (WinBuild.160101.0800)
375	1c54.1028: FileDescription: Windows NT BASE API Client DLL
376	1c54.1028: \SystemRoot\System32\apisetschema.dll:
377	1c54.1028: CreationTime: 2019-03-19T04:43:54.837151500Z
378	1c54.1028: LastWriteTime: 2019-10-23T09:58:34.870639900Z
379	1c54.1028: ChangeTime: 2019-11-12T21:14:42.081621100Z
380	1c54.1028: FileAttributes: 0x20
381	1c54.1028: Size: 0x1d028
382	1c54.1028: NT Headers: 0xc8
383	1c54.1028: Timestamp: 0xd6ced080
384	1c54.1028: Machine: 0x8664 - amd64
385	1c54.1028: Timestamp: 0xd6ced080
386	1c54.1028: Image Version: 10.0
387	1c54.1028: SizeOfImage: 0x1e000 (122880)
388	1c54.1028: Resource Dir: 0x1d000 LB 0x408
389	1c54.1028: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
390	1c54.1028: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
391	1c54.1028: ProductName: Microsoft® Windows® Operating System
392	1c54.1028: ProductVersion: 10.0.18362.1
393	1c54.1028: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
394	1c54.1028: FileDescription: ApiSet Schema DLL
395	1c54.1028: Found driver mbamswissarmy (0x80)
396	1c54.1028: supR3HardenedWinFindAdversaries: 0x80
397	1c54.1028: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
398	1c54.1028: CreationTime: 2019-07-14T23:08:00.417005100Z
399	1c54.1028: LastWriteTime: 2019-10-23T09:14:30.733490000Z
400	1c54.1028: ChangeTime: 2019-10-23T09:14:30.733490000Z
401	1c54.1028: FileAttributes: 0x20
402	1c54.1028: Size: 0x43320
403	1c54.1028: NT Headers: 0xf8
404	1c54.1028: Timestamp: 0x5c9e68f9
405	1c54.1028: Machine: 0x8664 - amd64
406	1c54.1028: Timestamp: 0x5c9e68f9
407	1c54.1028: Image Version: 10.0
408	1c54.1028: SizeOfImage: 0x45000 (282624)
409	1c54.1028: Resource Dir: 0x43000 LB 0x3b8
410	1c54.1028: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
411	1c54.1028: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
412	1c54.1028: ProductName: Malwarebytes SwissArmy
413	1c54.1028: ProductVersion: 4.3.0.170
414	1c54.1028: FileVersion: 4.3.0.170
415	1c54.1028: FileDescription: Malwarebytes SwissArmy
416	1c54.1028: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
417	1c54.1028: Calling main()
418	1c54.1028: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
419	1c54.1028: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
420	1c54.1028: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
421	1c54.1028: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
422	1c54.1028: SUPR3HardenedMain: Respawn #2
423	1c54.1028: supR3HardNtEnableThreadCreationEx:
424	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff937840000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
425	1c54.1028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
426	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
427	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff9394a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
428	1c54.1028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
429	1c54.1028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
430	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
431	1c54.1028: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
432	1c54.1028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
433	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
434	1c54.1028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
435	1c54.1028: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
436	1c54.1028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
437	1c54.1028: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
438	1c54.1028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939720000 'C:\WINDOWS\System32\ntdll.dll'
439	1c54.1028: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
440	1c54.1028: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
441	1c54.1028: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
442	1c54.1028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
443	1c54.1028: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
444	1c54.1028: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
445	1c54.1028: supR3HardenedDllNotificationCallback: load 00007ff933e90000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
446	1c54.1028: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
447	1c54.1028: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
448	1c54.1028: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
449	1c54.1028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939720000 'C:\WINDOWS\System32\ntdll.dll'
450	1c54.1028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff933e90000 'C:\WINDOWS\system32\apphelp.dll'
451	1c54.1028: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9397917f0 pvNtTerminateThread=00007ff9397bcb10
452	1c54.1028: supR3HardenedWinDoReSpawn(2): New child 1e24.48c [kernel32].
453	1c54.1028: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
454	1c54.1028: supR3HardNtChildGatherData: PebBaseAddress=0000000000952000 cbPeb=0x388
455	1c54.1028: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff939720000 uNtDllChildAddr=00007ff939720000
456	1c54.1028: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9397917f0
457	1c54.1028: supR3HardenedWinSetupChildInit: Start child.
458	1c54.1028: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
459	1c54.1028: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 57 sleeps
460	1c54.1028: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
461	1c54.1028: *0000000000000000-000000000077ffff 0x0001/0x0000 0x0000000
462	1c54.1028: *0000000000780000-000000000079ffff 0x0004/0x0004 0x0020000
463	1c54.1028: *00000000007a0000-00000000007bafff 0x0002/0x0002 0x0040000
464	1c54.1028: 00000000007bb000-00000000007bffff 0x0001/0x0000 0x0000000
465	1c54.1028: *00000000007c0000-00000000007c3fff 0x0002/0x0002 0x0040000
466	1c54.1028: 00000000007c4000-00000000007cffff 0x0001/0x0000 0x0000000
467	1c54.1028: *00000000007d0000-00000000007d1fff 0x0004/0x0004 0x0020000
468	1c54.1028: 00000000007d2000-00000000007fffff 0x0001/0x0000 0x0000000
469	1c54.1028: *0000000000800000-0000000000951fff 0x0000/0x0004 0x0020000
470	1c54.1028: 0000000000952000-0000000000954fff 0x0004/0x0004 0x0020000
471	1c54.1028: 0000000000955000-00000000009fffff 0x0000/0x0004 0x0020000
472	1c54.1028: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
473	1c54.1028: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
474	1c54.1028: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
475	1c54.1028: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
476	1c54.1028: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
477	1c54.1028: 000000007ffe1000-00007ff5146affff 0x0001/0x0000 0x0000000
478	1c54.1028: *00007ff5146b0000-00007ff5146b0fff 0x0002/0x0002 0x0040000
479	1c54.1028: 00007ff5146b1000-00007ff5146bffff 0x0001/0x0000 0x0000000
480	1c54.1028: *00007ff5146c0000-00007ff5146e2fff 0x0002/0x0002 0x0040000
481	1c54.1028: 00007ff5146e3000-00007ff74789ffff 0x0001/0x0000 0x0000000
482	1c54.1028: *00007ff7478a0000-00007ff7478a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
483	1c54.1028: 00007ff7478a1000-00007ff747915fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
484	1c54.1028: 00007ff747916000-00007ff747916fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
485	1c54.1028: 00007ff747917000-00007ff74795efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
486	1c54.1028: 00007ff74795f000-00007ff74795ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
487	1c54.1028: 00007ff747960000-00007ff747960fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
488	1c54.1028: 00007ff747961000-00007ff747965fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
489	1c54.1028: 00007ff747966000-00007ff747966fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
490	1c54.1028: 00007ff747967000-00007ff747967fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
491	1c54.1028: 00007ff747968000-00007ff74796bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
492	1c54.1028: 00007ff74796c000-00007ff7479b4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
493	1c54.1028: 00007ff7479b5000-00007ff93971ffff 0x0001/0x0000 0x0000000
494	1c54.1028: *00007ff939720000-00007ff939720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
495	1c54.1028: 00007ff939721000-00007ff939837fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
496	1c54.1028: 00007ff939838000-00007ff93987efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
497	1c54.1028: 00007ff93987f000-00007ff93988afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
498	1c54.1028: 00007ff93988b000-00007ff939899fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
499	1c54.1028: 00007ff93989a000-00007ff93989afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
500	1c54.1028: 00007ff93989b000-00007ff93989dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
501	1c54.1028: 00007ff93989e000-00007ff93990ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
502	1c54.1028: 00007ff939910000-00007ffffffeffff 0x0001/0x0000 0x0000000
503	1c54.1028: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
504	1c54.1028: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
505	1c54.1028: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
506	1c54.1028: supR3HardNtChildPurify: Done after 734 ms and 0 fixes (loop #0).
507	1e24.48c: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
508	1c54.1028: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000700000 LB 0x400000)
509	1e24.48c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff939720000 g_uNtVerCombined=0xa047bb00
510	1c54.1028: supR3HardNtEnableThreadCreationEx:
511	1e24.48c: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
512	1e24.48c: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2031616 allocation)
513	1e24.48c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
514	1e24.48c: System32: \Device\HarddiskVolume2\Windows\System32
515	1e24.48c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
516	1e24.48c: KnownDllPath: C:\WINDOWS\System32
517	1e24.48c: supR3HardenedVmProcessInit: Opening vboxdrv...
518	1e24.48c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
519	1e24.48c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
520	1e24.48c: Registered Dll notification callback with NTDLL.
521	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
522	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
523	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
524	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9368c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
525	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
526	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
527	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff939330000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
528	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
529	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939330000 'C:\WINDOWS\System32\KERNEL32.DLL'
530	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff7478a0000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
531	1e24.48c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
532	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
533	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
534	1e24.48c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9397917f0 pvNtTerminateThread=00007ff9397bcb10
535	1c54.1028: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 213 ms.
536	1e24.48c: \SystemRoot\System32\ntdll.dll:
537	1e24.48c: CreationTime: 2019-10-09T07:15:15.782952500Z
538	1e24.48c: LastWriteTime: 2019-10-09T07:15:16.191946200Z
539	1e24.48c: ChangeTime: 2019-11-12T21:16:16.798042000Z
540	1e24.48c: FileAttributes: 0x820
541	1e24.48c: Size: 0x1e8528
542	1e24.48c: NT Headers: 0xd8
543	1e24.48c: Timestamp: 0x99ca0526
544	1e24.48c: Machine: 0x8664 - amd64
545	1e24.48c: Timestamp: 0x99ca0526
546	1e24.48c: Image Version: 10.0
547	1e24.48c: SizeOfImage: 0x1f0000 (2031616)
548	1e24.48c: Resource Dir: 0x17f000 LB 0x6f310
549	1e24.48c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
550	1e24.48c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
551	1e24.48c: ProductName: Microsoft® Windows® Operating System
552	1e24.48c: ProductVersion: 10.0.18362.418
553	1e24.48c: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
554	1e24.48c: FileDescription: NT Layer DLL
555	1e24.48c: \SystemRoot\System32\kernel32.dll:
556	1e24.48c: CreationTime: 2019-09-06T08:50:11.805475900Z
557	1e24.48c: LastWriteTime: 2019-09-06T08:50:12.063263600Z
558	1e24.48c: ChangeTime: 2019-11-12T21:14:43.929620400Z
559	1e24.48c: FileAttributes: 0x820
560	1e24.48c: Size: 0xb0570
561	1e24.48c: NT Headers: 0xe8
562	1e24.48c: Timestamp: 0xd0cecc10
563	1e24.48c: Machine: 0x8664 - amd64
564	1e24.48c: Timestamp: 0xd0cecc10
565	1e24.48c: Image Version: 10.0
566	1e24.48c: SizeOfImage: 0xb2000 (729088)
567	1e24.48c: Resource Dir: 0xb0000 LB 0x520
568	1e24.48c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
569	1e24.48c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
570	1e24.48c: ProductName: Microsoft® Windows® Operating System
571	1e24.48c: ProductVersion: 10.0.18362.329
572	1e24.48c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
573	1e24.48c: FileDescription: Windows NT BASE API Client DLL
574	1e24.48c: \SystemRoot\System32\KernelBase.dll:
575	1e24.48c: CreationTime: 2019-11-12T21:02:18.696374500Z
576	1e24.48c: LastWriteTime: 2019-11-12T21:02:19.515375500Z
577	1e24.48c: ChangeTime: 2019-11-13T01:07:03.500085800Z
578	1e24.48c: FileAttributes: 0x20
579	1e24.48c: Size: 0x2a2908
580	1e24.48c: NT Headers: 0xf0
581	1e24.48c: Timestamp: 0x83c3d83a
582	1e24.48c: Machine: 0x8664 - amd64
583	1e24.48c: Timestamp: 0x83c3d83a
584	1e24.48c: Image Version: 10.0
585	1e24.48c: SizeOfImage: 0x2a3000 (2764800)
586	1e24.48c: Resource Dir: 0x27d000 LB 0x548
587	1e24.48c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
588	1e24.48c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
589	1e24.48c: ProductName: Microsoft® Windows® Operating System
590	1e24.48c: ProductVersion: 10.0.18362.476
591	1e24.48c: FileVersion: 10.0.18362.476 (WinBuild.160101.0800)
592	1e24.48c: FileDescription: Windows NT BASE API Client DLL
593	1e24.48c: \SystemRoot\System32\apisetschema.dll:
594	1e24.48c: CreationTime: 2019-03-19T04:43:54.837151500Z
595	1e24.48c: LastWriteTime: 2019-10-23T09:58:34.870639900Z
596	1e24.48c: ChangeTime: 2019-11-12T21:14:42.081621100Z
597	1e24.48c: FileAttributes: 0x20
598	1e24.48c: Size: 0x1d028
599	1e24.48c: NT Headers: 0xc8
600	1e24.48c: Timestamp: 0xd6ced080
601	1e24.48c: Machine: 0x8664 - amd64
602	1e24.48c: Timestamp: 0xd6ced080
603	1e24.48c: Image Version: 10.0
604	1e24.48c: SizeOfImage: 0x1e000 (122880)
605	1e24.48c: Resource Dir: 0x1d000 LB 0x408
606	1e24.48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
607	1e24.48c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
608	1e24.48c: ProductName: Microsoft® Windows® Operating System
609	1e24.48c: ProductVersion: 10.0.18362.1
610	1e24.48c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
611	1e24.48c: FileDescription: ApiSet Schema DLL
612	1e24.48c: Found driver mbamswissarmy (0x80)
613	1e24.48c: supR3HardenedWinFindAdversaries: 0x80
614	1e24.48c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
615	1e24.48c: CreationTime: 2019-07-14T23:08:00.417005100Z
616	1e24.48c: LastWriteTime: 2019-10-23T09:14:30.733490000Z
617	1e24.48c: ChangeTime: 2019-10-23T09:14:30.733490000Z
618	1e24.48c: FileAttributes: 0x20
619	1e24.48c: Size: 0x43320
620	1e24.48c: NT Headers: 0xf8
621	1e24.48c: Timestamp: 0x5c9e68f9
622	1e24.48c: Machine: 0x8664 - amd64
623	1e24.48c: Timestamp: 0x5c9e68f9
624	1e24.48c: Image Version: 10.0
625	1e24.48c: SizeOfImage: 0x45000 (282624)
626	1e24.48c: Resource Dir: 0x43000 LB 0x3b8
627	1e24.48c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
628	1e24.48c: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
629	1e24.48c: ProductName: Malwarebytes SwissArmy
630	1e24.48c: ProductVersion: 4.3.0.170
631	1e24.48c: FileVersion: 4.3.0.170
632	1e24.48c: FileDescription: Malwarebytes SwissArmy
633	1e24.48c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
634	1e24.48c: Calling main()
635	1e24.48c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
636	1e24.48c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
637	1e24.48c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
638	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
639	1e24.48c: SUPR3HardenedMain: Final process, opening VBoxDrv...
640	1e24.48c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
641	1e24.48c: supR3HardNtEnableThreadCreationEx:
642	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
643	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
644	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
645	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
646	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff933fe0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
647	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
648	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
649	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
650	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff933fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
651	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
652	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
653	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff933fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
654	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff933fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
655	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
656	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
657	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
658	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
659	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
660	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
661	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
662	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
663	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
664	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
665	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
666	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
667	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
668	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
669	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
670	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
671	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
672	1e24.48c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
673	1e24.48c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
674	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
675	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
676	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
677	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
678	1e24.48c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
679	1e24.48c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
680	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
681	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
682	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
683	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
684	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
685	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
686	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938df0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
687	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
688	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936670000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
689	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
690	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936d70000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
691	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
692	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
693	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936770000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
694	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
695	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937840000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
696	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
697	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936b70000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
698	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
699	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
700	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
701	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-synch-l1-2-0'
702	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
703	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
704	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-fibers-l1-1-1'
705	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
706	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
707	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-fibers-l1-1-1'
708	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
709	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
710	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-synch-l1-2-0'
711	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
712	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
713	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-localization-l1-2-1'
714	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936b70000 'C:\WINDOWS\system32\Wintrust.dll'
715	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
716	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
717	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
718	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937620000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
719	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
720	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937620000 'C:\WINDOWS\system32\bcrypt.dll'
721	1e24.48c: bcrypt.dll loaded at 00007ff937620000, BCryptOpenAlgorithmProvider at 00007ff937624c70, preloading providers:
722	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
723	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
724	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
725	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937750000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
726	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
727	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937750000 'C:\WINDOWS\system32\bcryptprimitives.dll'
728	1e24.48c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000102ecd0)
729	1e24.48c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000102fa30)
730	1e24.48c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000102fd30)
731	1e24.48c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001030030)
732	1e24.48c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001030330)
733	1e24.48c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001030630)
734	1e24.48c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001030930)
735	1e24.48c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001030c30)
736	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936750000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
737	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
738	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
739	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
740	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
741	1e24.48c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
742	1e24.48c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
743	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
744	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
745	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
746	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
747	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
748	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
749	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
750	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
751	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9359d0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
752	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
753	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
754	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
755	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
756	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
757	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
758	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
759	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936030000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
760	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
761	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
762	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
763	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
764	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
765	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
766	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939330000 'C:\WINDOWS\System32\kernel32.dll'
767	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
768	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
769	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936b70000 'C:\WINDOWS\System32\WINTRUST.DLL'
770	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
771	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
772	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\CRYPT32.dll'
773	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938700000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
774	1e24.48c: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
775	1e24.48c: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
776	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
777	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
778	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
779	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
780	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
781	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
782	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
783	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
784	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
785	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9394a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
786	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
787	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
788	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
789	1e24.48c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
790	1e24.48c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
791	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
792	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
793	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
794	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
795	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9351f0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
796	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
797	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936600000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
798	1e24.48c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
799	1e24.48c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
800	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
801	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
802	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
803	1e24.48c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
804	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
805	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
806	1e24.48c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
807	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
808	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
809	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
810	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
811	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
812	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
813	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
814	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
815	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
816	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
817	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
818	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
819	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
820	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
821	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
822	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
823	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
824	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
825	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9297d0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
826	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
827	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
828	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
829	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
830	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
831	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
832	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
833	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
834	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
835	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
836	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
837	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
838	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
839	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
840	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
841	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
842	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
843	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
844	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
845	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
846	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
847	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
848	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
849	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
850	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
851	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
852	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
853	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
854	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
855	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\WINDOWS\System32\cryptnet.dll'
856	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
857	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9297d0000 'C:\Windows\System32\cryptnet.dll'
858	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9391d0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
859	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
860	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
861	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
862	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
863	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
864	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
865	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
866	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
867	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
868	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
869	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
870	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
871	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
872	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
873	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
874	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
875	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
876	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
877	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
878	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
879	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
880	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001743050
881	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
882	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E42142C43484BA84DDDB10D97303487D47E882DE
883	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
884	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
885	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937840000 'C:\WINDOWS\System32\rpcrt4.dll'
886	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
887	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
888	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
889	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
890	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
891	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
892	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\SystemRoot\System32\ntdll.dll'
893	1e24.48c: g_pfnWinVerifyTrust=00007ff936b761f0
894	1e24.48c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
895	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
896	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
897	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
898	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
899	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
900	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
901	1e24.48c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
902	1e24.48c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
903	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
904	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
905	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
906	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
907	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
908	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
909	1e24.48c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
910	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
911	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
912	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
913	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
914	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
915	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
916	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
917	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
918	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
919	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
920	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
921	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
922	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
923	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
924	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
925	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
926	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
927	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
928	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
929	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
930	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
931	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
932	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
933	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
934	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
935	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
936	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
937	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
938	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
939	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
940	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
941	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
942	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
943	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
944	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
945	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
946	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
947	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
948	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
949	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
950	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
951	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
952	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
953	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
954	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
955	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
956	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
957	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
958	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
959	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
960	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
961	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
962	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
963	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
964	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
965	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
966	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
967	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
968	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
969	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
970	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
971	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
972	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
973	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
974	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
975	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
976	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
977	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
978	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
979	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
980	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
981	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
982	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
983	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
984	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\system32\crypt32.dll'
985	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x2d281fd08c6e8eb3 CN=WZT
986	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
987	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x7275300b7705cd00 CN=shodan
988	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
989	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
990	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
991	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
992	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x79900b93675b9600 C=US, CN=The Filter
993	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xad4339a0b9c2ae00 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
994	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
995	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
996	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
997	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa30b6913205dc200 CN=shodan
998	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xc14b7a9c0500a600 CN=shodan1
999	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd140ebc339a98a2f CN=WZTeam
1000	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
1001	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1002	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1003	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
1004	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa313393f1b21aa73 C=RU, ST=New York, L=Rochester, O=End Point, OU=Domain uploads.yandex.ru, Email=support@uploads.yandex.ru, CN=uploads.yandex.ru
1005	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1006	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1007	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1008	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
1009	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1010	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
1011	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1012	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
1013	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1014	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1015	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1016	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1017	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1018	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1019	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1020	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
1021	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1022	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
1023	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1024	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1025	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1026	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1027	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1028	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1029	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
1030	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
1031	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1032	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1033	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1034	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1035	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1036	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
1037	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
1038	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1039	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1040	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1041	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1042	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1043	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
1044	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1045	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
1046	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1047	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1048	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1049	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1050	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1051	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1052	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1053	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1054	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1055	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
1056	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1057	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1058	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1059	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
1060	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1061	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1062	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1063	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1064	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1065	1e24.48c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1066	1e24.48c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=81
1067	1e24.48c: SUPR3HardenedMain: Load Runtime...
1068	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1069	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1070	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1071	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1072	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1073	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1074	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1075	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1076	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1077	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1078	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1079	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1080	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1081	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1082	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1083	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1084	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1085	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1086	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1087	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1088	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1089	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1090	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1091	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1092	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1093	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1094	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1095	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1096	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1097	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1098	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1099	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1100	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1101	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1102	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1103	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1104	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1105	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1106	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1107	1e24.48c: supR3HardenedDllNotificationCallback: load 00000000741a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1108	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1109	1e24.48c: supR3HardenedDllNotificationCallback: load 0000000074100000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1110	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1111	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff939430000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1112	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1113	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff90b920000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1114	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1115	1e24.48c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1116	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1117	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1118	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1119	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1120	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1121	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1122	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1123	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1124	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1125	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1126	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1127	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1128	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1129	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1130	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1131	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1132	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1133	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1134	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1136	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1137	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1139	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1142	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1143	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1144	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1145	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1161	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1162	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b920000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1167	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1168	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936b70000 'C:\WINDOWS\system32\Wintrust.dll'
1169	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1170	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1171	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1172	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1173	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1174	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1175	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\system32\crypt32.dll'
1176	1e24.48c: SUPR3HardenedMain: Load TrustedMain...
1177	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1178	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1179	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
1180	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1181	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1182	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1183	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1184	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1185	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1186	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1187	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1188	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1189	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1190	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1191	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1192	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1193	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1194	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1195	1e24.48c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1196	1e24.48c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1197	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1198	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1199	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1200	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1201	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1202	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1203	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1204	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1205	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1206	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1207	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1208	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1209	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1210	1e24.48c: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1211	1e24.48c: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1212	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1213	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1214	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1215	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1216	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1217	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1218	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1219	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1220	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1221	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1222	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1223	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1224	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1225	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1226	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1227	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1228	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1229	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1230	1e24.48c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1231	1e24.48c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1232	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1233	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1234	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1235	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1236	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1237	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1238	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
1239	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1240	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1241	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1242	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1243	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1244	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1245	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1246	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1247	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1248	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1249	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1250	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1251	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1252	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1253	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1254	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
1255	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
1256	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1257	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1258	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1259	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1260	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1261	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1262	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1263	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1264	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1265	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1266	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1267	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1268	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1269	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1270	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1271	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1272	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1273	1e24.48c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1274	1e24.48c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1275	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1276	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
1277	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1278	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1279	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1280	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1281	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1282	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1283	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1284	1e24.48c: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1285	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1286	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1287	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1288	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1289	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1290	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1291	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1292	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1293	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1294	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1295	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1296	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1297	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust
1298	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1299	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1300	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1301	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1302	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1303	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1304	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1305	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1306	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1307	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1308	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1309	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1310	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1311	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1312	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1313	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1314	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1315	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1316	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1317	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1318	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1319	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1320	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1321	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1322	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1323	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1324	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1325	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1326	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1327	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1328	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1329	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1330	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1331	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1332	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1333	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1334	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1335	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1336	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1337	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1338	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1339	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1340	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1341	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1342	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1343	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1344	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1345	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1346	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1347	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1348	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1349	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1350	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1351	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1352	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1353	1e24.48c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1354	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1355	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1356	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1357	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1358	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1359	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1360	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1361	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1362	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1363	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1364	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
1365	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
1366	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
1367	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1368	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1369	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1370	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1371	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1372	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1373	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1374	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1375	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1376	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1377	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1378	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1379	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1380	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1381	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1382	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1383	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1384	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1385	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1386	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1387	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1388	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1389	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1390	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1391	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1392	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1393	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1394	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1395	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1396	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1397	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1398	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1399	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1400	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1401	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1402	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1403	1e24.48c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1404	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1405	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1406	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1407	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1408	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1409	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1410	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1411	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1412	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1413	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1414	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1415	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1416	1e24.48c: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1417	1e24.48c: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1418	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1419	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1420	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1421	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1422	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1423	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1424	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1425	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1426	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1427	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1428	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1429	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1430	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1431	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1432	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1433	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1434	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1435	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1436	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1437	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1438	1e24.48c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1439	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1440	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1441	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1442	1e24.48c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1443	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1444	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1445	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1446	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1447	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1448	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1449	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1450	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1451	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1452	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1453	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1454	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1455	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1456	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1457	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1458	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1459	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1460	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1461	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1462	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1463	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1464	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1465	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1466	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1467	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1468	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1469	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1470	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1471	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1472	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1473	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1474	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1475	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1476	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1477	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1478	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1479	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1480	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1481	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1482	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1483	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1484	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1485	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1486	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1487	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1488	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1489	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1490	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1491	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1492	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1493	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1494	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1495	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1496	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1497	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1498	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1499	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1500	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1501	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1502	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1503	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1504	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1505	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1506	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1507	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1508	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1509	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1510	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1511	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1512	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1513	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1514	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1515	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1516	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1517	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1518	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1519	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1520	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1521	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
1522	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
1523	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1524	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1525	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1526	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1527	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1528	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1529	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1530	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1531	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1532	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1533	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1534	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
1535	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1536	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1537	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1538	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1539	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1540	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
1541	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
1542	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
1543	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1544	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1545	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1546	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1547	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1548	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1549	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1550	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1551	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1552	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1553	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1554	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1555	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1556	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1557	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1558	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1559	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1560	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1561	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1562	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1563	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1564	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1565	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1566	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1567	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1568	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1569	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1570	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1571	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1572	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1573	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1574	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1575	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1576	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1577	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1578	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1579	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1580	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1581	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1582	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1583	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1584	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1585	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1586	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1587	1e24.48c: \Device\HarddiskVolume2\Windows\System32\DXCore.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1588	1e24.48c: \Device\HarddiskVolume2\Windows\System32\DXCore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1589	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1590	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
1591	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DXCore.dll)
1592	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DXCore.dll
1593	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9375f0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1594	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1595	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9366b0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1596	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1597	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936bd0000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1598	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1599	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1600	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1601	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1602	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1603	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1604	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9393f0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1605	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1606	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff939540000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1607	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1608	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938e90000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1609	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1610	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937650000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1611	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1612	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1613	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff935240000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
1614	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
1615	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92eb20000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1616	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1617	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff90e4f0000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1618	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1619	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff939280000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1620	1e24.48c: \Device\HarddiskVolume2\Windows\System32\SHCore.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1621	1e24.48c: \Device\HarddiskVolume2\Windows\System32\SHCore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1622	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1623	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
1624	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
1625	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1626	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1627	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9365f0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
1628	1e24.48c: \Device\HarddiskVolume2\Windows\System32\umpdc.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1629	1e24.48c: \Device\HarddiskVolume2\Windows\System32\umpdc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1630	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\umpdc.dll)
1631	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\umpdc.dll
1632	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936620000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1633	1e24.48c: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1634	1e24.48c: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1635	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1636	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
1637	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1638	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1639	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938430000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1640	1e24.48c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1641	1e24.48c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1642	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1643	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1644	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1645	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1646	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1647	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936690000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1648	1e24.48c: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
1649	1e24.48c: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
1650	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1651	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1652	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1653	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1654	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936e70000 LB 0x0077e000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1655	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
1656	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
1657	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
1658	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
1659	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1660	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1661	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937c00000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1662	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1663	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938490000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1664	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1665	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92a250000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1666	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1667	1e24.48c: supR3HardenedDllNotificationCallback: load 0000000072aa0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1668	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1669	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff90b320000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1670	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1671	1e24.48c: supR3HardenedDllNotificationCallback: load 0000000072530000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1672	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1673	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff937970000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1674	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1675	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff8fe660000 LB 0x02387000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
1676	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
1677	1e24.48c: supR3HardenedDllNotificationCallback: load 0000000074060000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1678	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1679	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92b380000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1680	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1681	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92b3b0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1682	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1683	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff90c610000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1684	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1685	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1686	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1687	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1688	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1689	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1690	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1691	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1692	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1693	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
1694	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rescheduled]
1695	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1696	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1697	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1698	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1699	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1700	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1701	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\DXCore.dll'.
1702	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\DXCore.dll' [rescheduled]
1703	1e24.48c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1704	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1705	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1706	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1707	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1708	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rescheduled]
1709	1e24.48c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1710	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1711	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1712	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1713	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1714	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1715	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1716	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled]
1717	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1718	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1719	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1720	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1721	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1722	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1723	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1724	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1725	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1726	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1727	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1728	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1729	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1730	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1731	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1732	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1733	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1734	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1735	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1736	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1737	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1738	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1739	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1740	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1741	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1742	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1743	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1744	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1745	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1746	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1747	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1748	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1749	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1750	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1751	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1752	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1753	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1754	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1755	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
1756	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume2\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
1757	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
1758	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\umpdc.dll'.
1759	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\umpdc.dll
1760	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1761	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1762	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1763	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1764	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1765	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1766	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1767	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1768	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1769	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1770	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1771	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1772	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1773	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1774	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1775	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1776	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1777	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1778	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1779	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1780	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1781	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1782	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1783	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1784	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1785	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1786	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1787	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1788	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1789	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1790	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1791	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1792	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1793	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1794	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1795	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1796	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1797	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1798	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1799	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1800	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1801	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1802	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1803	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939330000 'C:\WINDOWS\System32\kernel32.dll'
1804	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1805	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1806	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-string-l1-1-0'
1807	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1808	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1809	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-datetime-l1-1-1'
1810	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1811	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1812	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1813	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1814	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1815	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1816	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1817	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1818	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1819	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1820	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1821	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1822	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1823	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1824	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1825	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1826	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1827	1e24.48c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll
1828	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1829	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff938d60000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1830	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1831	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff938d60000 'C:\WINDOWS\system32\IMM32.DLL'
1832	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1833	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1834	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1835	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1836	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9391d0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1837	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c610000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1838	1e24.48c: SUPR3HardenedMain: Calling TrustedMain (00007ff90c6116c0)...
1839	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1840	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1841	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1842	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1843	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1844	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1845	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1846	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1847	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1848	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1849	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1850	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1851	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1852	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1853	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1854	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1855	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1856	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1857	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1858	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1859	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1860	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1861	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1862	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1863	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1864	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1865	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1866	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1867	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1868	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1869	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1870	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1871	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1872	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1873	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1874	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1875	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1876	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1877	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1878	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1879	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1880	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1881	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1882	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1883	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1884	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1885	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1886	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1887	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1888	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1889	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1890	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1891	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1892	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1893	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1894	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1895	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1896	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1897	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1898	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1899	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff90ca90000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1900	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1901	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ca90000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1902	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000568 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1903	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
1904	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
1905	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
1906	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1907	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1908	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1909	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1910	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1911	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1912	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
1913	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1914	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1915	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1916	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1917	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1918	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1919	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1920	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1921	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1922	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1923	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff934860000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
1924	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1925	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff934860000 'C:\WINDOWS\system32\uxtheme.dll'
1926	1e24.48c: \Device\HarddiskVolume2\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll: Owner is administrators group.
1927	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1928	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
1929	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmm.dll'.
1930	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1931	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1932	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll) WinVerifyTrust
1933	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
1934	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1935	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1936	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1937	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1938	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1939	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1940	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1941	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1942	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1943	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1944	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1945	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1946	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1947	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1948	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
1949	1e24.48c: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x00272000 C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll [fFlags=0x0]
1950	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
1951	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll'
1952	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1953	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1954	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939540000 'C:\WINDOWS\system32\user32.dll'
1955	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1956	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1957	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
1958	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1959	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1960	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1961	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1962	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1963	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939280000 'C:\WINDOWS\system32\SHCore.dll'
1964	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
1965	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
1966	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1967	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1968	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\system32\winmm.dll'
1969	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1970	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1971	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\system32\winmm.dll'
1972	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1973	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1974	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
1975	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1976	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1977	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff934860000 'C:\WINDOWS\system32\uxtheme.dll'
1978	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1979	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1980	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9391d0000 'C:\WINDOWS\system32\advapi32.dll'
1981	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
1982	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
1983	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1984	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
1985	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
1986	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1987	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1988	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1989	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1990	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1991	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1992	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1993	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1994	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff936510000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
1995	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1996	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936510000 'C:\WINDOWS\system32\userenv.dll'
1997	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1998	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1999	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939330000 'C:\WINDOWS\System32\kernel32.dll'
2000	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9385f0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2001	1e24.48c: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2002	1e24.48c: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2003	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2004	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2005	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2006	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2007	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2008	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2009	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2010	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2011	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2012	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2013	1e24.2b60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2014	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2015	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2016	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2017	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2018	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2019	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2020	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2021	1e24.2b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2022	1e24.2b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2023	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2024	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2025	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2026	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2027	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2028	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2029	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2030	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2031	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2032	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2033	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2034	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2035	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2036	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2037	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2038	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2039	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2040	1e24.2b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2041	1e24.2b60: supR3HardenedDllNotificationCallback: load 00007ff9049d0000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2042	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2043	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9049d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2044	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2045	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2046	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2047	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2048	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2049	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2050	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2051	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2052	1e24.2b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2053	1e24.2b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2054	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2055	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2056	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2057	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2058	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2059	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2060	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2061	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2062	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2063	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2064	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2065	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2066	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2067	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2068	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2069	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2070	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2071	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2072	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2073	1e24.2b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2074	1e24.2b60: supR3HardenedDllNotificationCallback: load 00007ff90c9b0000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2075	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2076	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c9b0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2077	1e24.2b60: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2078	1e24.2b60: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2079	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000734 pwszName=\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2080	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2081	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2082	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=18F5337EE7F9E69042ABA03B5E3E62E237D3C5A9
2083	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2084	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2085	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0211~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll'
2086	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2087	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2088	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2089	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
2090	1e24.2b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll) WinVerifyTrust
2091	1e24.2b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2092	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2093	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2094	1e24.2b60: \Device\HarddiskVolume2\Windows\System32\version.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2095	1e24.2b60: \Device\HarddiskVolume2\Windows\System32\version.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2096	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2097	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2098	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2099	1e24.2b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
2100	1e24.2b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2101	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2102	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2103	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2104	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2105	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2106	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2107	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2108	1e24.2b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2109	1e24.2b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2110	1e24.2b60: supR3HardenedDllNotificationCallback: load 00007ff92e8b0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
2111	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2112	1e24.2b60: supR3HardenedDllNotificationCallback: load 00007ff92a470000 LB 0x0000a000 C:\WINDOWS\System32\msiltcfg.dll [fFlags=0x0]
2113	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2114	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a470000 'C:\WINDOWS\System32\msiltcfg.dll'
2115	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939540000 'C:\WINDOWS\System32\user32.dll'
2116	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msi.dll
2117	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2118	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2119	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E07235823200E1F512A3AB1B2628DC18E25FBC0B
2120	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2121	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2122	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0211~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\msi.dll'
2123	1e24.2b60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2124	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2125	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2126	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2127	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
2128	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2129	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2130	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2131	1e24.2b60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'bcrypt.dll'.
2132	1e24.2b60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msi.dll) WinVerifyTrust
2133	1e24.2b60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msi.dll
2134	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2135	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2136	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2137	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2138	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2139	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2140	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2141	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2142	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2143	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2145	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2146	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2147	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2148	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2149	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2150	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2151	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2152	1e24.2b60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2153	1e24.2b60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2154	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msi.dll (Input=msi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2155	1e24.2b60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
2156	1e24.2b60: supR3HardenedDllNotificationCallback: load 00007ff91eb30000 LB 0x00466000 C:\WINDOWS\System32\msi.dll [fFlags=0x0]
2157	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
2158	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eb30000 'C:\WINDOWS\System32\msi.dll'
2159	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2160	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2161	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a470000 'C:\WINDOWS\System32\msiltcfg.dll'
2162	1e24.2b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2163	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2164	1e24.2b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937970000 'C:\WINDOWS\system32\oleaut32.dll'
2165	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9393f0000 'C:\WINDOWS\system32\gdi32.dll'
2166	1e24.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2167	1e24.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2168	1e24.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2169	1e24.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2170	1e24.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2171	1e24.a1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2172	1e24.a1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2173	1e24.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2174	1e24.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2175	1e24.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2176	1e24.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2177	1e24.a1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2178	1e24.a1c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2179	1e24.a1c: supR3HardenedDllNotificationCallback: load 00007ff9319f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2180	1e24.a1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2181	1e24.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9319f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2182	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2183	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2184	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937970000 'C:\Windows\System32\oleaut32.dll'
2185	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2186	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2187	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2188	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9382f0000 LB 0x00136000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2189	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2190	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2191	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
2192	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2193	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
2194	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
2195	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2196	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2197	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2198	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2199	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2200	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2201	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2202	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2203	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2204	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2205	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2206	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2207	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2208	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2209	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2210	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2211	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2212	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2213	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2214	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2215	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2216	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2217	1e24.48c: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2218	1e24.48c: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2219	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aac pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2220	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2221	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2222	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
2223	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2224	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2225	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2226	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2227	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2228	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2229	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
2230	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
2231	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
2232	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2233	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2234	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2235	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2236	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2237	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2238	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2239	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2240	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2241	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2242	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2243	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2244	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2245	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2246	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2247	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2248	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2249	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2250	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2251	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2252	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2253	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
2254	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
2255	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2256	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2257	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2258	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2259	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
2260	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2261	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2262	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2263	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2264	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2265	1e24.48c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2266	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2267	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2268	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
2269	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2270	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2271	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2272	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2273	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2274	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2275	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2276	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2277	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2278	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2279	1e24.48c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
2280	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2281	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2282	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2283	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2284	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2285	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2286	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2287	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2288	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2289	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2290	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9352d0000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2291	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2292	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff933270000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2293	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2294	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9334d0000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2295	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2296	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9314d0000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2297	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2298	1e24.48c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2299	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
2300	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9393f0000 'C:\WINDOWS\System32\gdi32.dll'
2301	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9314d0000 'C:\WINDOWS\system32\dataexchange.dll'
2302	1e24.48c: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2303	1e24.48c: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2304	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
2305	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2306	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
2307	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
2308	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2309	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2310	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2311	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2312	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
2313	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
2314	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff934e50000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
2315	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2316	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff934a20000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2317	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2318	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2319	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2320	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2321	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2322	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2323	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2324	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2325	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2326	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2327	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2328	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2329	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2330	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2331	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2332	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2333	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2334	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2335	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
2336	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2337	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2338	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2339	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2340	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2341	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939280000 'C:\WINDOWS\system32\Shcore.dll'
2342	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2343	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2344	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2345	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2346	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2347	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2348	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
2349	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff938490000 'C:\WINDOWS\System32\ole32.dll'
2350	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937970000 'C:\WINDOWS\System32\OLEAUT32.dll'
2351	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2352	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2353	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b90 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2354	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2355	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2356	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
2357	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2358	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2359	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2360	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2361	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2362	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2363	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2364	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2365	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2366	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2367	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2368	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2369	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2370	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b60 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2371	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2372	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2373	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
2374	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2375	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2376	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2377	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2378	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2379	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2380	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2381	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2382	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2383	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2384	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2385	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2386	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2387	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2388	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2389	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2390	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2391	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2392	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2393	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2394	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2395	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2396	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2397	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2398	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2399	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92fc60000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2400	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2401	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92ffd0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2402	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2403	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2404	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2405	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2406	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92ffd0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2407	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2408	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2409	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2410	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2411	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2412	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
2413	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2414	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2415	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2416	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2417	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2418	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2419	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2420	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2421	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2422	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2423	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2424	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2425	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2426	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2427	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9310b0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2428	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2429	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9310b0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2430	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2431	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2432	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-localization-l1-2-0.dll'
2433	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2434	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2435	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9368c0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2436	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2437	1e24.48c: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2438	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bcc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2439	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2440	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2441	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
2442	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2443	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2444	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2445	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2446	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2447	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2448	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2449	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2450	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2451	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2452	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2453	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2454	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2455	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2456	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2457	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92fab0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2458	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2459	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92fab0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2460	1e24.48c: \Device\HarddiskVolume2\Windows\System32\amsi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2461	1e24.48c: \Device\HarddiskVolume2\Windows\System32\amsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2462	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume2\Windows\System32\amsi.dll
2463	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2464	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2465	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
2466	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2467	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2468	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\amsi.dll'
2469	1e24.48c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2470	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2471	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2472	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
2473	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\amsi.dll) WinVerifyTrust
2474	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\amsi.dll
2475	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2476	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2477	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2478	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2479	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2480	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2481	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2482	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2483	1e24.48c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2484	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92cad0000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
2485	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\amsi.dll
2486	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92cad0000 'C:\WINDOWS\System32\amsi.dll'
2487	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2488	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2489	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2490	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2491	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9382f0000 'C:\WINDOWS\System32\MSCTF.dll'
2492	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2493	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
2494	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
2495	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
2496	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
2497	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
2498	1e24.48c: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2499	1e24.48c: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2500	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2501	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2502	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
2503	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
2504	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
2505	1e24.48c: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2506	1e24.48c: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2507	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2508	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
2509	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
2510	1e24.48c: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2511	1e24.48c: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2512	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
2513	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2514	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2515	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2516	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2517	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
2518	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
2519	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff935740000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2520	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2521	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff933a20000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2522	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2523	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff9316e0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2524	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2525	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff927ad0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2526	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2527	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff927e00000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2528	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2529	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2530	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2531	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2532	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2533	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2534	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2535	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2536	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2537	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2538	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2539	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2540	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2541	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2542	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2543	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2544	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2545	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2546	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2547	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2548	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2549	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2550	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2551	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2552	1e24.48c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2553	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2554	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2555	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2556	1e24.48c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2557	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2558	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2559	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
2560	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2561	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2562	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
2563	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2564	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2565	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
2566	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2567	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2568	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
2569	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2570	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2571	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2572	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2573	1e24.48c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
2574	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2575	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2576	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2577	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2578	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2579	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2580	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2581	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2582	1e24.48c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll': 0 (NtPath=\??\C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; Input=C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll; rcNtGetDll=0x0
2583	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc000003a 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll'
2584	1e24.292c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2585	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2586	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2587	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2588	1e24.292c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2589	1e24.292c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2590	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2591	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2592	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2593	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2594	1e24.292c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2595	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2596	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2597	1e24.292c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2598	1e24.292c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2599	1e24.292c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2600	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2601	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2602	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2603	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2604	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2605	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2606	1e24.292c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2607	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2608	1e24.292c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2609	1e24.292c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2610	1e24.292c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2611	1e24.292c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2612	1e24.292c: supR3HardenedDllNotificationCallback: load 0000000073f50000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2613	1e24.292c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2614	1e24.292c: supR3HardenedDllNotificationCallback: load 00007ff901c60000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2615	1e24.292c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2616	1e24.292c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901c60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2617	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2618	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2619	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2620	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c8c pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2621	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2622	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2623	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F5B666FF2CFCD1394E450AF7141F0F82A5730F3
2624	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2625	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2626	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04113~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
2627	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2628	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2629	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2630	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
2631	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
2632	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
2633	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
2634	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
2635	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2636	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2637	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
2638	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
2639	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bac pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2640	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
2641	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
2642	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2E5A6C3AFA14B1D9C532760FD646C3AC357C7AB
2643	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2644	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2645	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2646	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2647	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) WinVerifyTrust
2648	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2649	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2650	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2651	1e24.60c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2652	1e24.60c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2653	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2654	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2655	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2656	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
2657	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
2658	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
2659	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2660	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2661	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2662	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2663	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2664	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2665	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2666	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2667	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2668	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2669	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2670	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2671	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2672	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2673	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2674	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2675	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2676	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2677	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2678	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
2679	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2680	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2681	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2682	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2683	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2684	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2685	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2686	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2687	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2688	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2689	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2690	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
2691	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2692	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2693	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2694	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2695	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2696	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2697	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2698	1e24.60c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
2699	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2700	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2701	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2702	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2703	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff92d700000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2704	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
2705	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff9388f0000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
2706	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2707	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff924800000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
2708	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2709	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff924820000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2710	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
2711	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff924820000 'C:\Windows\System32\NetSetupShim.dll'
2712	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2713	1e24.60c: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2714	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2715	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2716	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2717	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
2718	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
2719	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
2720	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
2721	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2722	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2723	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2724	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2725	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2726	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2727	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2728	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2729	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2730	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2731	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2732	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2733	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2734	1e24.60c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
2735	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2736	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2737	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2738	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2739	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2740	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2741	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
2742	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2743	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2744	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2745	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2746	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2747	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2748	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2749	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff937960000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2750	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
2751	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff933c30000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2752	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2753	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff90c8e0000 LB 0x000ce000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
2754	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
2755	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c8e0000 'C:\Windows\System32\NetSetupEngine.dll'
2756	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2757	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2758	1e24.60c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2759	1e24.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2760	1e24.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2761	1e24.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2762	1e24.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2763	1e24.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2764	1e24.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2765	1e24.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2766	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2767	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2768	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2769	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2770	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2771	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2772	1e24.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2773	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2774	1e24.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2775	1e24.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2776	1e24.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2777	1e24.d9c: supR3HardenedDllNotificationCallback: load 00007ff930190000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2778	1e24.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2779	1e24.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff930190000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2780	1e24.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939540000 'C:\WINDOWS\system32\User32.dll'
2781	1e24.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2782	1e24.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2783	1e24.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2784	1e24.99c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2785	1e24.99c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2786	1e24.99c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2787	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2788	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2789	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2790	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2791	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2792	1e24.99c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2793	1e24.99c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2794	1e24.99c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2795	1e24.99c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2796	1e24.99c: supR3HardenedDllNotificationCallback: load 00007ff92c5a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2797	1e24.99c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2798	1e24.99c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92c5a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2799	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2800	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2801	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\Shell32.dll'
2802	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2803	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2804	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901c60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2805	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2806	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2807	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2808	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2809	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2810	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2811	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2812	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2813	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2814	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2815	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2816	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2817	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2818	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2819	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2820	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2821	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2822	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2823	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2824	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2825	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff920a20000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2826	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2827	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920a20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2828	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff920a20000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2829	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2830	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2831	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2832	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2833	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2834	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2835	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2836	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2837	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2838	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2839	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2840	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2841	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2842	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2843	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2844	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2845	1e24.60c: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
2846	1e24.60c: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
2847	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2848	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
2849	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2850	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2851	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2852	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2853	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2854	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2855	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2856	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2857	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2858	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2859	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2860	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2861	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2862	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2863	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2864	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2865	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2866	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2867	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2868	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2869	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2870	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2871	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2872	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2873	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2874	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2875	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2876	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2877	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2878	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2879	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2880	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2881	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2882	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2883	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2884	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2885	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2886	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2887	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2888	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2889	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2890	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2891	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2892	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2893	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2894	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2895	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2896	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2897	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2898	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2899	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2900	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2901	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2902	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2903	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2904	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2905	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff911c50000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2906	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2907	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff920a10000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2908	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2909	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff935b70000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2910	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2911	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff901280000 LB 0x009da000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2912	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2913	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901280000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2914	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2915	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2916	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2917	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2918	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff91a630000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2919	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2920	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a630000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2921	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2922	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2923	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2924	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9049d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2925	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2926	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2927	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2928	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff920a10000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2929	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2930	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2931	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2932	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2933	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2934	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2935	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2936	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2937	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2938	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2939	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2940	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2941	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff92a040000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2942	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2943	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92a040000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2944	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2945	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2946	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2947	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2948	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2949	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2950	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2951	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2952	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2953	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2954	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2955	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2956	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff928a00000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2957	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2958	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff928a00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2959	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2960	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2961	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2962	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2963	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2964	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2965	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2966	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2967	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2968	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2969	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2970	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2971	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939540000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2972	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2973	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2974	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2975	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff9289e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2976	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2977	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2978	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff939540000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2979	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9289e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2980	1e24.48c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2981	1e24.48c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2982	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff938e90000 'api-ms-win-core-com-l1-1-0.dll'
2983	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2984	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
2985	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2986	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2987	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2988	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2989	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2990	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2991	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2992	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2993	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2994	1e24.48c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2995	1e24.48c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
2996	1e24.48c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2997	1e24.48c: supR3HardenedDllNotificationCallback: load 00007ff92e190000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
2998	1e24.48c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
2999	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3000	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff91dc50000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3001	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3002	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91dc50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
3003	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3004	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3005	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3006	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3007	1e24.60c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
3008	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3009	1e24.105c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3010	1e24.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3011	1e24.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3012	1e24.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3013	1e24.105c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3014	1e24.105c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3015	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3016	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3017	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3018	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3019	1e24.105c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3020	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3021	1e24.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3022	1e24.105c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3023	1e24.105c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3024	1e24.105c: supR3HardenedDllNotificationCallback: load 00007ff91dc30000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3025	1e24.105c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3026	1e24.105c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3027	1e24.e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3028	1e24.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3029	1e24.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3030	1e24.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3031	1e24.e38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3032	1e24.e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3033	1e24.e38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3034	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3035	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3036	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3037	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3038	1e24.e38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3039	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3040	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3041	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3042	1e24.e38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3043	1e24.e38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3044	1e24.e38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3045	1e24.e38: supR3HardenedDllNotificationCallback: load 00007ff92c570000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3046	1e24.e38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3047	1e24.e38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92c570000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3048	1e24.1c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3049	1e24.1c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3050	1e24.1c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3051	1e24.1c9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3052	1e24.1c9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3053	1e24.1c9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3054	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3055	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3056	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3057	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3058	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3059	1e24.1c9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3060	1e24.1c9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3061	1e24.1c9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3062	1e24.1c9c: supR3HardenedDllNotificationCallback: load 00007ff92be80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3063	1e24.1c9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3064	1e24.1c9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92be80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3065	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3066	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3067	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3068	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3069	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3070	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3071	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3072	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3073	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3074	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3075	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3076	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3077	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff933ff0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3078	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3079	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff933ff0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
3080	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3081	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3082	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3083	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3084	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3085	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3086	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3087	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3088	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3089	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3090	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3091	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3092	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
3093	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
3094	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3095	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3096	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3097	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3098	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3099	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
3100	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3101	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3102	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
3103	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3104	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3105	1e24.60c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
3106	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3107	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3108	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3109	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff9363f0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3110	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
3111	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff931410000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3112	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3113	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff931410000 'C:\WINDOWS\System32\MMDevApi.dll'
3114	1e24.60c: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3115	1e24.60c: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3116	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010bc pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
3117	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
3118	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
3119	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
3120	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3121	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3122	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
3123	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3124	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3125	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3126	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
3127	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
3128	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3129	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3130	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3131	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3132	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3133	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3134	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3135	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff90c840000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3136	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3137	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3138	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3139	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c840000 'C:\WINDOWS\System32\dsound.dll'
3140	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c840000 'C:\WINDOWS\System32\dsound.dll'
3141	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3142	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3143	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c840000 'C:\WINDOWS\system32\dsound.dll'
3144	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3145	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3146	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff931410000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3147	1e24.1910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3148	1e24.1910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3149	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3150	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3151	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3152	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3153	1e24.1910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3154	1e24.1910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3155	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3156	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3157	1e24.1910: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3158	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3159	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3160	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3161	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3162	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3163	1e24.1910: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3164	1e24.1910: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3165	1e24.1910: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3166	1e24.1910: supR3HardenedDllNotificationCallback: load 00007ff921480000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3167	1e24.1910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3168	1e24.1910: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff921480000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3169	1e24.1910: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3170	1e24.1910: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3171	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3172	1e24.1910: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3173	1e24.1910: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll)
3174	1e24.1910: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll
3175	1e24.1910: supR3HardenedDllNotificationCallback: load 00007ff934c80000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
3176	1e24.1910: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
3177	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3178	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3179	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3180	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3181	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3182	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3183	1e24.60c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ResourcePolicyClient.dll'
3184	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3185	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3186	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3187	1e24.60c: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3188	1e24.60c: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3189	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001140 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3190	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
3191	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
3192	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
3193	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3194	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3195	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3196	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3197	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3198	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3199	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3200	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3201	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3202	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3203	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3204	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3205	1e24.60c: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3206	1e24.60c: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3207	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3208	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3209	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3210	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3211	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3212	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3213	1e24.60c: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3214	1e24.60c: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3215	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3216	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3217	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3218	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3219	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3220	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3221	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3222	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3223	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3224	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3225	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3226	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3227	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3228	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3229	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3230	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3231	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff923650000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3232	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3233	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff931990000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3234	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3235	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff91a5e0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3236	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3237	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3238	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3239	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3240	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3241	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3242	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3243	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3244	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3245	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3246	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3247	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3248	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3249	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3250	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3251	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3252	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3253	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3254	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3255	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3256	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91a5e0000 'C:\WINDOWS\System32\wdmaud.drv'
3257	1e24.60c: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3258	1e24.60c: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3259	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b0 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3260	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
3261	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
3262	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
3263	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
3264	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3265	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3266	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3267	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3268	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3269	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3270	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3271	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3272	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3273	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3274	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3275	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3276	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3277	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3278	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3279	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3280	1e24.60c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
3281	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3282	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3283	1e24.60c: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3284	1e24.60c: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3285	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3286	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3287	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3288	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3289	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3290	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3291	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3292	1e24.60c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3293	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3294	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3295	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3296	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3297	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3298	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3299	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3300	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff91a490000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3301	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3302	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff923050000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3303	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3304	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3305	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3306	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3307	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3308	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3309	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3310	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3311	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3312	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3313	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3314	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3315	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3316	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3317	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3318	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3319	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3320	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3321	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3322	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3323	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3324	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3325	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923050000 'C:\WINDOWS\System32\msacm32.drv'
3326	1e24.60c: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Owner is not trusted installer (01 01 00 00 00 00 00 01 00 00 00 00)
3327	1e24.60c: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
3328	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001130 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3329	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001743050
3330	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001743050
3331	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
3332	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3333	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff936770000 'C:\WINDOWS\System32\crypt32.dll'
3334	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.476.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3335	1e24.60c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3336	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3337	1e24.60c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3338	1e24.60c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3339	1e24.60c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3340	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3341	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3342	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3343	1e24.60c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3344	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3345	1e24.60c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3346	1e24.60c: supR3HardenedDllNotificationCallback: load 00007ff923000000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3347	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3348	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923000000 'C:\WINDOWS\System32\midimap.dll'
3349	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3350	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3351	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923000000 'C:\WINDOWS\System32\midimap.dll'
3352	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3353	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3354	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923000000 'C:\WINDOWS\System32\midimap.dll'
3355	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3356	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3357	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff923000000 'C:\WINDOWS\System32\midimap.dll'
3358	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3359	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3360	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3361	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3362	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3363	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3364	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3365	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3366	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3367	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3368	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3369	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3370	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3371	1e24.60c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3372	1e24.60c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3373	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90c840000 'C:\WINDOWS\system32\dsound.dll'
3374	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3375	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3376	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3377	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3378	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3379	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff92b3b0000 'C:\WINDOWS\System32\winmm.dll'
3380	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff901c60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3381	1e24.60c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9359d0000 'C:\WINDOWS\system32\rsaenh.dll'
3382	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3383	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3384	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3385	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3386	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3387	1e24.48c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff937c00000 'C:\WINDOWS\system32\shell32.dll'
3388	1e24.1c9c: supR3HardenedDllNotificationCallback: Unload 00007ff92be80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3389	1e24.e38: supR3HardenedDllNotificationCallback: Unload 00007ff92c570000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3390	1e24.105c: supR3HardenedDllNotificationCallback: Unload 00007ff91dc30000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3391	1e24.99c: supR3HardenedDllNotificationCallback: Unload 00007ff92c5a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3392	1e24.d9c: supR3HardenedDllNotificationCallback: Unload 00007ff930190000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3393	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff91dc50000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3394	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff9289e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3395	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff928a00000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3396	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff92a040000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3397	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff91a630000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3398	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff901280000 LB 0x009da000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3399	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff911c50000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3400	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff920a10000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3401	1e24.60c: supR3HardenedDllNotificationCallback: Unload 00007ff935b70000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
3402	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9319f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
3403	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9310b0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3404	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9314d0000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3405	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff933270000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3406	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9334d0000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3407	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff934a20000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3408	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff934e50000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [flags=0x0]
3409	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff92fab0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3410	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff90c9b0000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3411	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff92ffd0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3412	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff92fc60000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3413	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9049d0000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3414	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff924820000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
3415	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff92d700000 LB 0x00025000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
3416	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff9388f0000 LB 0x00470000 C:\WINDOWS\System32\setupapi.dll [flags=0x0]
3417	1e24.48c: supR3HardenedDllNotificationCallback: Unload 00007ff924800000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [flags=0x0]
3418	1e24.48c: Terminating the normal way: rcExit=0
3419	1c54.1028: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 24147 ms, the end);
3420	1b98.b54: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 25563 ms, the end);

Download in other formats:

Original Format