VirtualBox

Ticket #14185: VBoxStartup.log

File VBoxStartup.log, 308.8 KB (added by Paul17041993, 9 years ago)

VBoxStartup log

Line 
127d4.24c8: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
227d4.24c8: \SystemRoot\System32\ntdll.dll:
327d4.24c8: CreationTime: 2015-05-30T02:05:27.727657100Z
427d4.24c8: LastWriteTime: 2015-03-23T21:59:25.551884100Z
527d4.24c8: ChangeTime: 2015-05-30T03:50:36.676572500Z
627d4.24c8: FileAttributes: 0x20
727d4.24c8: Size: 0x1a7540
827d4.24c8: NT Headers: 0xd8
927d4.24c8: Timestamp: 0x550f4336
1027d4.24c8: Machine: 0x8664 - amd64
1127d4.24c8: Timestamp: 0x550f4336
1227d4.24c8: Image Version: 6.3
1327d4.24c8: SizeOfImage: 0x1ac000 (1753088)
1427d4.24c8: Resource Dir: 0x148000 LB 0x62450
1527d4.24c8: ProductName: Microsoft® Windows® Operating System
1627d4.24c8: ProductVersion: 6.3.9600.17736
1727d4.24c8: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
1827d4.24c8: FileDescription: NT Layer DLL
1927d4.24c8: \SystemRoot\System32\kernel32.dll:
2027d4.24c8: CreationTime: 2015-05-30T02:09:51.777237800Z
2127d4.24c8: LastWriteTime: 2014-10-29T04:09:24.572407200Z
2227d4.24c8: ChangeTime: 2015-05-30T03:51:35.997498300Z
2327d4.24c8: FileAttributes: 0x20
2427d4.24c8: Size: 0x13fc30
2527d4.24c8: NT Headers: 0xf8
2627d4.24c8: Timestamp: 0x545054ca
2727d4.24c8: Machine: 0x8664 - amd64
2827d4.24c8: Timestamp: 0x545054ca
2927d4.24c8: Image Version: 6.3
3027d4.24c8: SizeOfImage: 0x13e000 (1302528)
3127d4.24c8: Resource Dir: 0x12e000 LB 0x518
3227d4.24c8: ProductName: Microsoft® Windows® Operating System
3327d4.24c8: ProductVersion: 6.3.9600.17415
3427d4.24c8: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
3527d4.24c8: FileDescription: Windows NT BASE API Client DLL
3627d4.24c8: \SystemRoot\System32\KernelBase.dll:
3727d4.24c8: CreationTime: 2015-05-30T02:11:04.152265300Z
3827d4.24c8: LastWriteTime: 2014-10-29T03:55:08.402989600Z
3927d4.24c8: ChangeTime: 2015-05-30T03:51:36.389460100Z
4027d4.24c8: FileAttributes: 0x20
4127d4.24c8: Size: 0x114a90
4227d4.24c8: NT Headers: 0xf0
4327d4.24c8: Timestamp: 0x54505737
4427d4.24c8: Machine: 0x8664 - amd64
4527d4.24c8: Timestamp: 0x54505737
4627d4.24c8: Image Version: 6.3
4727d4.24c8: SizeOfImage: 0x115000 (1134592)
4827d4.24c8: Resource Dir: 0x110000 LB 0x3528
4927d4.24c8: ProductName: Microsoft® Windows® Operating System
5027d4.24c8: ProductVersion: 6.3.9600.17415
5127d4.24c8: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
5227d4.24c8: FileDescription: Windows NT BASE API Client DLL
5327d4.24c8: \SystemRoot\System32\apisetschema.dll:
5427d4.24c8: CreationTime: 2013-08-22T12:13:09.745625900Z
5527d4.24c8: LastWriteTime: 2013-08-22T12:35:12.091034400Z
5627d4.24c8: ChangeTime: 2015-05-30T11:11:52.214082700Z
5727d4.24c8: FileAttributes: 0x20
5827d4.24c8: Size: 0x11360
5927d4.24c8: NT Headers: 0xd0
6027d4.24c8: Timestamp: 0x52160049
6127d4.24c8: Machine: 0x8664 - amd64
6227d4.24c8: Timestamp: 0x52160049
6327d4.24c8: Image Version: 6.3
6427d4.24c8: SizeOfImage: 0x13000 (77824)
6527d4.24c8: Resource Dir: 0x11000 LB 0x3f8
6627d4.24c8: ProductName: Microsoft® Windows® Operating System
6727d4.24c8: ProductVersion: 6.3.9600.16384
6827d4.24c8: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
6927d4.24c8: FileDescription: ApiSet Schema DLL
7027d4.24c8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7127d4.24c8: supR3HardenedWinFindAdversaries: 0x0
7227d4.24c8: Calling main()
7327d4.24c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7427d4.24c8: SUPR3HardenedMain: Respawn #1
7527d4.24c8: System32: \Device\HarddiskVolume4\Windows\System32
7627d4.24c8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
7727d4.24c8: KnownDllPath: C:\Windows\system32
7827d4.24c8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7927d4.24c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8027d4.24c8: supR3HardNtEnableThreadCreation:
8127d4.24c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff822e48eb0 pvNtTerminateThread=00007ff822ec16f0
8227d4.24c8: supR3HardenedWinDoReSpawn(1): New child 9ac.1380 [kernel32].
8327d4.24c8: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c91a7000 cbPeb=0x388
8427d4.24c8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff822e30000 uNtDllChildAddr=00007ff822e30000
8527d4.24c8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff822e48eb0
8627d4.24c8: supR3HardenedWinSetupChildInit: Start child.
8727d4.24c8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8827d4.24c8: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 31 sleeps
8927d4.24c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9027d4.24c8: *0000000000000000-ffffffffff5cffff 0x0001/0x0000 0x0000000
9127d4.24c8: *0000000000a30000-0000000000a0ffff 0x0004/0x0004 0x0020000
9227d4.24c8: *0000000000a50000-0000000000a40fff 0x0002/0x0002 0x0040000
9327d4.24c8: 0000000000a5f000-0000000000a5dfff 0x0001/0x0000 0x0000000
9427d4.24c8: *0000000000a60000-0000000000963fff 0x0000/0x0004 0x0020000
9527d4.24c8: 0000000000b5c000-0000000000b58fff 0x0104/0x0004 0x0020000
9627d4.24c8: 0000000000b5f000-0000000000b5dfff 0x0004/0x0004 0x0020000
9727d4.24c8: *0000000000b60000-0000000000b5bfff 0x0002/0x0002 0x0040000
9827d4.24c8: 0000000000b64000-0000000000b57fff 0x0001/0x0000 0x0000000
9927d4.24c8: *0000000000b70000-0000000000b6dfff 0x0004/0x0004 0x0020000
10027d4.24c8: 0000000000b72000-ffffffff81703fff 0x0001/0x0000 0x0000000
10127d4.24c8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
10227d4.24c8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
10327d4.24c8: 000000007fff0000-ffff800a36e5ffff 0x0001/0x0000 0x0000000
10427d4.24c8: *00007ff6c9180000-00007ff6c915cfff 0x0002/0x0002 0x0040000
10527d4.24c8: 00007ff6c91a3000-00007ff6c919efff 0x0001/0x0000 0x0000000
10627d4.24c8: *00007ff6c91a7000-00007ff6c91a5fff 0x0004/0x0004 0x0020000
10727d4.24c8: 00007ff6c91a8000-00007ff6c91a1fff 0x0001/0x0000 0x0000000
10827d4.24c8: *00007ff6c91ae000-00007ff6c91abfff 0x0004/0x0004 0x0020000
10927d4.24c8: 00007ff6c91b0000-00007ff6c8e1ffff 0x0001/0x0000 0x0000000
11027d4.24c8: *00007ff6c9540000-00007ff6c9540fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11127d4.24c8: 00007ff6c9541000-00007ff6c95c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11227d4.24c8: 00007ff6c95c6000-00007ff6c95c6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11327d4.24c8: 00007ff6c95c7000-00007ff6c9604fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11427d4.24c8: 00007ff6c9605000-00007ff6c9605fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11527d4.24c8: 00007ff6c9606000-00007ff6c9606fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11627d4.24c8: 00007ff6c9607000-00007ff6c9608fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11727d4.24c8: 00007ff6c9609000-00007ff6c9609fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11827d4.24c8: 00007ff6c960a000-00007ff6c960afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
11927d4.24c8: 00007ff6c960b000-00007ff6c960efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
12027d4.24c8: 00007ff6c960f000-00007ff6c9647fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
12127d4.24c8: 00007ff6c9648000-00007ff56fe5ffff 0x0001/0x0000 0x0000000
12227d4.24c8: *00007ff822e30000-00007ff822e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12327d4.24c8: 00007ff822e31000-00007ff822f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12427d4.24c8: 00007ff822f5d000-00007ff822f62fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12527d4.24c8: 00007ff822f63000-00007ff822f6ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12627d4.24c8: 00007ff822f70000-00007ff822f70fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12727d4.24c8: 00007ff822f71000-00007ff822f73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12827d4.24c8: 00007ff822f74000-00007ff822f74fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
12927d4.24c8: 00007ff822f75000-00007ff822fdbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13027d4.24c8: 00007ff822fdc000-00007ff045fd7fff 0x0001/0x0000 0x0000000
13127d4.24c8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
13227d4.24c8: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
13327d4.24c8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13427d4.24c8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
13527d4.24c8: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
1369ac.1380: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
1379ac.1380: supR3HardenedVmProcessInit: uNtDllAddr=00007ff822e30000
1389ac.1380: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
1399ac.1380: New simple heap: #1 0000000000c80000 LB 0x400000 (for 1753088 allocation)
14027d4.24c8: supR3HardNtEnableThreadCreation:
1419ac.1380: System32: \Device\HarddiskVolume4\Windows\System32
1429ac.1380: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1439ac.1380: KnownDllPath: C:\Windows\system32
1449ac.1380: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1459ac.1380: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1469ac.1380: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1479ac.1380: Registered Dll notification callback with NTDLL.
1489ac.1380: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1499ac.1380: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1509ac.1380: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1519ac.1380: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1529ac.1380: supR3HardenedDllNotificationCallback: load 00007ff8200a0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1539ac.1380: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1549ac.1380: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1559ac.1380: supR3HardenedDllNotificationCallback: load 00007ff820830000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1569ac.1380: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1579ac.1380: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32\KERNEL32.DLL'
1589ac.1380: supR3HardenedDllNotificationCallback: load 00007ff6c9540000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1599ac.1380: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1609ac.1380: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1619ac.1380: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1629ac.1380: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff822e48eb0 pvNtTerminateThread=00007ff822ec16f0
16327d4.24c8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 84 ms.
1649ac.1380: \SystemRoot\System32\ntdll.dll:
1659ac.1380: CreationTime: 2015-05-30T02:05:27.727657100Z
1669ac.1380: LastWriteTime: 2015-03-23T21:59:25.551884100Z
1679ac.1380: ChangeTime: 2015-05-30T03:50:36.676572500Z
1689ac.1380: FileAttributes: 0x20
1699ac.1380: Size: 0x1a7540
1709ac.1380: NT Headers: 0xd8
1719ac.1380: Timestamp: 0x550f4336
1729ac.1380: Machine: 0x8664 - amd64
1739ac.1380: Timestamp: 0x550f4336
1749ac.1380: Image Version: 6.3
1759ac.1380: SizeOfImage: 0x1ac000 (1753088)
1769ac.1380: Resource Dir: 0x148000 LB 0x62450
1779ac.1380: ProductName: Microsoft® Windows® Operating System
1789ac.1380: ProductVersion: 6.3.9600.17736
1799ac.1380: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
1809ac.1380: FileDescription: NT Layer DLL
1819ac.1380: \SystemRoot\System32\kernel32.dll:
1829ac.1380: CreationTime: 2015-05-30T02:09:51.777237800Z
1839ac.1380: LastWriteTime: 2014-10-29T04:09:24.572407200Z
1849ac.1380: ChangeTime: 2015-05-30T03:51:35.997498300Z
1859ac.1380: FileAttributes: 0x20
1869ac.1380: Size: 0x13fc30
1879ac.1380: NT Headers: 0xf8
1889ac.1380: Timestamp: 0x545054ca
1899ac.1380: Machine: 0x8664 - amd64
1909ac.1380: Timestamp: 0x545054ca
1919ac.1380: Image Version: 6.3
1929ac.1380: SizeOfImage: 0x13e000 (1302528)
1939ac.1380: Resource Dir: 0x12e000 LB 0x518
1949ac.1380: ProductName: Microsoft® Windows® Operating System
1959ac.1380: ProductVersion: 6.3.9600.17415
1969ac.1380: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
1979ac.1380: FileDescription: Windows NT BASE API Client DLL
1989ac.1380: \SystemRoot\System32\KernelBase.dll:
1999ac.1380: CreationTime: 2015-05-30T02:11:04.152265300Z
2009ac.1380: LastWriteTime: 2014-10-29T03:55:08.402989600Z
2019ac.1380: ChangeTime: 2015-05-30T03:51:36.389460100Z
2029ac.1380: FileAttributes: 0x20
2039ac.1380: Size: 0x114a90
2049ac.1380: NT Headers: 0xf0
2059ac.1380: Timestamp: 0x54505737
2069ac.1380: Machine: 0x8664 - amd64
2079ac.1380: Timestamp: 0x54505737
2089ac.1380: Image Version: 6.3
2099ac.1380: SizeOfImage: 0x115000 (1134592)
2109ac.1380: Resource Dir: 0x110000 LB 0x3528
2119ac.1380: ProductName: Microsoft® Windows® Operating System
2129ac.1380: ProductVersion: 6.3.9600.17415
2139ac.1380: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
2149ac.1380: FileDescription: Windows NT BASE API Client DLL
2159ac.1380: \SystemRoot\System32\apisetschema.dll:
2169ac.1380: CreationTime: 2013-08-22T12:13:09.745625900Z
2179ac.1380: LastWriteTime: 2013-08-22T12:35:12.091034400Z
2189ac.1380: ChangeTime: 2015-05-30T11:11:52.214082700Z
2199ac.1380: FileAttributes: 0x20
2209ac.1380: Size: 0x11360
2219ac.1380: NT Headers: 0xd0
2229ac.1380: Timestamp: 0x52160049
2239ac.1380: Machine: 0x8664 - amd64
2249ac.1380: Timestamp: 0x52160049
2259ac.1380: Image Version: 6.3
2269ac.1380: SizeOfImage: 0x13000 (77824)
2279ac.1380: Resource Dir: 0x11000 LB 0x3f8
2289ac.1380: ProductName: Microsoft® Windows® Operating System
2299ac.1380: ProductVersion: 6.3.9600.16384
2309ac.1380: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
2319ac.1380: FileDescription: ApiSet Schema DLL
2329ac.1380: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2339ac.1380: supR3HardenedWinFindAdversaries: 0x0
2349ac.1380: Calling main()
2359ac.1380: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2369ac.1380: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2379ac.1380: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2389ac.1380: SUPR3HardenedMain: Respawn #2
2399ac.1380: supR3HardNtEnableThreadCreation:
2409ac.1380: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff822e48eb0 pvNtTerminateThread=00007ff822ec16f0
2419ac.1380: supR3HardenedWinDoReSpawn(2): New child 1cf0.15a0 [kernel32].
2429ac.1380: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2439ac.1380: supR3HardNtChildGatherData: PebBaseAddress=00007ff6c907c000 cbPeb=0x388
2449ac.1380: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff822e30000 uNtDllChildAddr=00007ff822e30000
2459ac.1380: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff822e48eb0
2469ac.1380: supR3HardenedWinSetupChildInit: Start child.
2479ac.1380: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2489ac.1380: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 31 sleeps
2499ac.1380: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2509ac.1380: *0000000000000000-fffffffffffcffff 0x0001/0x0000 0x0000000
2519ac.1380: *0000000000030000-000000000000ffff 0x0004/0x0004 0x0020000
2529ac.1380: *0000000000050000-0000000000040fff 0x0002/0x0002 0x0040000
2539ac.1380: 000000000005f000-000000000005dfff 0x0001/0x0000 0x0000000
2549ac.1380: *0000000000060000-fffffffffff63fff 0x0000/0x0004 0x0020000
2559ac.1380: 000000000015c000-0000000000158fff 0x0104/0x0004 0x0020000
2569ac.1380: 000000000015f000-000000000015dfff 0x0004/0x0004 0x0020000
2579ac.1380: *0000000000160000-000000000015bfff 0x0002/0x0002 0x0040000
2589ac.1380: 0000000000164000-0000000000157fff 0x0001/0x0000 0x0000000
2599ac.1380: *0000000000170000-000000000016dfff 0x0004/0x0004 0x0020000
2609ac.1380: 0000000000172000-ffffffff80303fff 0x0001/0x0000 0x0000000
2619ac.1380: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2629ac.1380: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2639ac.1380: 000000007fff0000-ffff800a36f8ffff 0x0001/0x0000 0x0000000
2649ac.1380: *00007ff6c9050000-00007ff6c902cfff 0x0002/0x0002 0x0040000
2659ac.1380: 00007ff6c9073000-00007ff6c9069fff 0x0001/0x0000 0x0000000
2669ac.1380: *00007ff6c907c000-00007ff6c907afff 0x0004/0x0004 0x0020000
2679ac.1380: 00007ff6c907d000-00007ff6c907bfff 0x0001/0x0000 0x0000000
2689ac.1380: *00007ff6c907e000-00007ff6c907bfff 0x0004/0x0004 0x0020000
2699ac.1380: 00007ff6c9080000-00007ff6c8bbffff 0x0001/0x0000 0x0000000
2709ac.1380: *00007ff6c9540000-00007ff6c9540fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2719ac.1380: 00007ff6c9541000-00007ff6c95c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2729ac.1380: 00007ff6c95c6000-00007ff6c95c6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2739ac.1380: 00007ff6c95c7000-00007ff6c9604fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2749ac.1380: 00007ff6c9605000-00007ff6c9605fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2759ac.1380: 00007ff6c9606000-00007ff6c9606fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2769ac.1380: 00007ff6c9607000-00007ff6c9608fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2779ac.1380: 00007ff6c9609000-00007ff6c9609fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2789ac.1380: 00007ff6c960a000-00007ff6c960afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2799ac.1380: 00007ff6c960b000-00007ff6c960efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2809ac.1380: 00007ff6c960f000-00007ff6c9647fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2819ac.1380: 00007ff6c9648000-00007ff56fe5ffff 0x0001/0x0000 0x0000000
2829ac.1380: *00007ff822e30000-00007ff822e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2839ac.1380: 00007ff822e31000-00007ff822f5cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2849ac.1380: 00007ff822f5d000-00007ff822f62fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2859ac.1380: 00007ff822f63000-00007ff822f6ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2869ac.1380: 00007ff822f70000-00007ff822f70fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2879ac.1380: 00007ff822f71000-00007ff822f73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2889ac.1380: 00007ff822f74000-00007ff822f74fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2899ac.1380: 00007ff822f75000-00007ff822fdbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
2909ac.1380: 00007ff822fdc000-00007ff045fd7fff 0x0001/0x0000 0x0000000
2919ac.1380: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2929ac.1380: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
2939ac.1380: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2949ac.1380: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2959ac.1380: supR3HardNtChildPurify: Done after 307 ms and 0 fixes (loop #0).
2961cf0.15a0: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
2971cf0.15a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff822e30000
2981cf0.15a0: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
2991cf0.15a0: New simple heap: #1 0000000000280000 LB 0x400000 (for 1753088 allocation)
3009ac.1380: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c80000 LB 0x400000)
3019ac.1380: supR3HardNtEnableThreadCreation:
3021cf0.15a0: System32: \Device\HarddiskVolume4\Windows\System32
3031cf0.15a0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3041cf0.15a0: KnownDllPath: C:\Windows\system32
3051cf0.15a0: supR3HardenedVmProcessInit: Opening vboxdrv...
3061cf0.15a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3071cf0.15a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3081cf0.15a0: Registered Dll notification callback with NTDLL.
3091cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3101cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3111cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
3121cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3131cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8200a0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3141cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3151cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3161cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820830000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
3171cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3181cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32\KERNEL32.DLL'
3191cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff6c9540000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3201cf0.15a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3211cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3221cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3231cf0.15a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff822e48eb0 pvNtTerminateThread=00007ff822ec16f0
3249ac.1380: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 91 ms.
3251cf0.15a0: \SystemRoot\System32\ntdll.dll:
3261cf0.15a0: CreationTime: 2015-05-30T02:05:27.727657100Z
3271cf0.15a0: LastWriteTime: 2015-03-23T21:59:25.551884100Z
3281cf0.15a0: ChangeTime: 2015-05-30T03:50:36.676572500Z
3291cf0.15a0: FileAttributes: 0x20
3301cf0.15a0: Size: 0x1a7540
3311cf0.15a0: NT Headers: 0xd8
3321cf0.15a0: Timestamp: 0x550f4336
3331cf0.15a0: Machine: 0x8664 - amd64
3341cf0.15a0: Timestamp: 0x550f4336
3351cf0.15a0: Image Version: 6.3
3361cf0.15a0: SizeOfImage: 0x1ac000 (1753088)
3371cf0.15a0: Resource Dir: 0x148000 LB 0x62450
3381cf0.15a0: ProductName: Microsoft® Windows® Operating System
3391cf0.15a0: ProductVersion: 6.3.9600.17736
3401cf0.15a0: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
3411cf0.15a0: FileDescription: NT Layer DLL
3421cf0.15a0: \SystemRoot\System32\kernel32.dll:
3431cf0.15a0: CreationTime: 2015-05-30T02:09:51.777237800Z
3441cf0.15a0: LastWriteTime: 2014-10-29T04:09:24.572407200Z
3451cf0.15a0: ChangeTime: 2015-05-30T03:51:35.997498300Z
3461cf0.15a0: FileAttributes: 0x20
3471cf0.15a0: Size: 0x13fc30
3481cf0.15a0: NT Headers: 0xf8
3491cf0.15a0: Timestamp: 0x545054ca
3501cf0.15a0: Machine: 0x8664 - amd64
3511cf0.15a0: Timestamp: 0x545054ca
3521cf0.15a0: Image Version: 6.3
3531cf0.15a0: SizeOfImage: 0x13e000 (1302528)
3541cf0.15a0: Resource Dir: 0x12e000 LB 0x518
3551cf0.15a0: ProductName: Microsoft® Windows® Operating System
3561cf0.15a0: ProductVersion: 6.3.9600.17415
3571cf0.15a0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
3581cf0.15a0: FileDescription: Windows NT BASE API Client DLL
3591cf0.15a0: \SystemRoot\System32\KernelBase.dll:
3601cf0.15a0: CreationTime: 2015-05-30T02:11:04.152265300Z
3611cf0.15a0: LastWriteTime: 2014-10-29T03:55:08.402989600Z
3621cf0.15a0: ChangeTime: 2015-05-30T03:51:36.389460100Z
3631cf0.15a0: FileAttributes: 0x20
3641cf0.15a0: Size: 0x114a90
3651cf0.15a0: NT Headers: 0xf0
3661cf0.15a0: Timestamp: 0x54505737
3671cf0.15a0: Machine: 0x8664 - amd64
3681cf0.15a0: Timestamp: 0x54505737
3691cf0.15a0: Image Version: 6.3
3701cf0.15a0: SizeOfImage: 0x115000 (1134592)
3711cf0.15a0: Resource Dir: 0x110000 LB 0x3528
3721cf0.15a0: ProductName: Microsoft® Windows® Operating System
3731cf0.15a0: ProductVersion: 6.3.9600.17415
3741cf0.15a0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
3751cf0.15a0: FileDescription: Windows NT BASE API Client DLL
3761cf0.15a0: \SystemRoot\System32\apisetschema.dll:
3771cf0.15a0: CreationTime: 2013-08-22T12:13:09.745625900Z
3781cf0.15a0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
3791cf0.15a0: ChangeTime: 2015-05-30T11:11:52.214082700Z
3801cf0.15a0: FileAttributes: 0x20
3811cf0.15a0: Size: 0x11360
3821cf0.15a0: NT Headers: 0xd0
3831cf0.15a0: Timestamp: 0x52160049
3841cf0.15a0: Machine: 0x8664 - amd64
3851cf0.15a0: Timestamp: 0x52160049
3861cf0.15a0: Image Version: 6.3
3871cf0.15a0: SizeOfImage: 0x13000 (77824)
3881cf0.15a0: Resource Dir: 0x11000 LB 0x3f8
3891cf0.15a0: ProductName: Microsoft® Windows® Operating System
3901cf0.15a0: ProductVersion: 6.3.9600.16384
3911cf0.15a0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
3921cf0.15a0: FileDescription: ApiSet Schema DLL
3931cf0.15a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3941cf0.15a0: supR3HardenedWinFindAdversaries: 0x0
3951cf0.15a0: Calling main()
3961cf0.15a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3971cf0.15a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3981cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3991cf0.15a0: SUPR3HardenedMain: Final process, opening VBoxDrv...
4001cf0.15a0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
4011cf0.15a0: supR3HardNtEnableThreadCreation:
4021cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4031cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4041cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4051cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4061cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81b080000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4071cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4081cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4091cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4101cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b080000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4111cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4121cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4131cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b080000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4141cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b080000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4151cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4161cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
4171cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
4181cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
4191cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
4201cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4211cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4221cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4231cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4241cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4251cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4261cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4271cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
4281cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
4291cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4301cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4311cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4321cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
4331cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
4341cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
4351cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4371cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
4381cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
4391cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4401cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4411cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4421cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4431cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4441cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4451cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4461cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4471cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff821120000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4481cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4491cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820030000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
4501cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4511cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820220000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
4521cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4531cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820b00000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4541cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4551cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8201c0000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
4561cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4571cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\system32\Wintrust.dll'
4581cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
4591cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4601cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4611cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4621cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81faa0000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
4631cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4641cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81faa0000 'C:\Windows\system32\bcrypt.dll'
4651cf0.15a0: bcrypt.dll loaded at 00007ff81faa0000, BCryptOpenAlgorithmProvider at 00007ff81faa34a0, preloading providers:
4661cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
4671cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4691cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4701cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81fde0000 LB 0x00063000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
4711cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4721cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81fde0000 'C:\Windows\system32\bcryptprimitives.dll'
4731cf0.15a0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000778ba0)
4741cf0.15a0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000778f90)
4751cf0.15a0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007790b0)
4761cf0.15a0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000779300)
4771cf0.15a0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000779420)
4781cf0.15a0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007796b0)
4791cf0.15a0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000779fb0)
4801cf0.15a0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000077a1f0)
4811cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4821cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4831cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4841cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4851cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4861cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4871cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4881cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4891cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4901cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4911cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4921cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4931cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4941cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4951cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4961cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4971cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4981cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
4991cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5001cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
5011cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
5021cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
5031cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81f940000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5041cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5051cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
5061cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
5071cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
5081cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5091cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5101cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5111cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5121cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5131cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81f4b0000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5141cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5151cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
5161cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5171cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
5181cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
5191cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81fe50000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5201cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5211cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5221cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5231cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5241cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5251cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5261cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32\kernel32.dll'
5271cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
5291cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5301cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
5311cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\CRYPT32.dll'
5321cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820c50000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
5331cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5341cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
5351cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
5361cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5381cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5391cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
5421cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
5431cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
5441cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
5451cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
5461cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
5471cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
5481cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81fa30000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
5491cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
5501cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81fa70000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
5511cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
5521cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5531cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
5541cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
5551cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff821230000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
5561cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5571cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5581cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
5591cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
5601cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
5611cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81f110000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
5621cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
5631cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
5641cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
5651cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81ff80000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
5661cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
5671cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5681cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
5691cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
5701cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
5711cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
5721cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
5731cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
5741cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5751cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
5761cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
5771cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5781cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5791cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5801cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5821cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5831cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5841cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5851cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5861cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5881cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5891cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5901cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5911cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5921cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
5931cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
5941cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
5951cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5961cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5971cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5981cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5991cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6001cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6011cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6021cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6031cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8211d0000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
6041cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
6051cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff818a40000 LB 0x00039000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
6061cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6071cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6081cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6091cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6101cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6111cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6121cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6131cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6141cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6151cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6161cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6171cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6181cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6191cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6201cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6211cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6221cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6231cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6241cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6251cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6261cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6271cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6291cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6301cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6311cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6321cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6331cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6341cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6351cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\system32\cryptnet.dll'
6361cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6371cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a40000 'C:\Windows\System32\cryptnet.dll'
6381cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6391cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
6401cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
6411cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
6421cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
6431cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822b70000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
6441cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6451cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6461cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6471cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6481cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6491cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6501cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6511cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6521cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6531cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6541cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6551cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6561cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
6571cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6581cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6591cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
6601cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6611cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007ccfe0
6621cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
6631cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C388B9F1A03B08C9E0419963B4B8BEF1136190E
6641cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6651cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6661cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820b00000 'C:\Windows\system32\rpcrt4.dll'
6671cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6691cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6701cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6711cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6721cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6731cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6741cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6751cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6761cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6771cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6781cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6791cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6801cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6811cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\System32\WINTRUST.DLL'
6821cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6831cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6841cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
6851cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6861cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6871cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
6881cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_31_for_KB3045999~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
6891cf0.15a0: g_pfnWinVerifyTrust=00007ff8201c1050
6901cf0.15a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6911cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6921cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6931cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
6941cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6951cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6961cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
6971cf0.15a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
6981cf0.15a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6991cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7001cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7011cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7021cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7031cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7041cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7051cf0.15a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
7061cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7071cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7081cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7091cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7101cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
7111cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
7121cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
7131cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
7141cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
7151cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7161cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7171cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7181cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
7191cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7201cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
7211cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7221cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
7231cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
7241cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
7251cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7261cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7271cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7281cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7291cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7301cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7311cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7321cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7331cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7341cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
7351cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7361cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7371cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7381cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
7391cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7421cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
7431cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7441cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7451cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7461cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
7471cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7481cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7491cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7501cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7511cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7521cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
7531cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7541cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7551cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7561cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7571cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
7581cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7591cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7601cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7611cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
7621cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7631cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7641cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7651cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
7661cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7671cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7681cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
7691cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7701cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7711cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
7721cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7731cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7741cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
7751cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7761cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7771cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
7781cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7791cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7801cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
7811cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7821cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7831cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
7841cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7851cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
7861cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7871cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
7881cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7891cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7901cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
7911cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
7921cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7931cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
7941cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
7951cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
7961cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
7971cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
7981cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
7991cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8001cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8011cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8021cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8031cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8041cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8051cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8061cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8071cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8081cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8091cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8101cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8111cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8121cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8131cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8141cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8151cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8161cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8171cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8181cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
8191cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8201cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8211cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8221cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8231cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8241cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8251cf0.15a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8261cf0.15a0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=31
8271cf0.15a0: SUPR3HardenedMain: Load Runtime...
8281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
8291cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8301cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8311cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8321cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8331cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
8341cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8351cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8371cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8381cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8391cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
8411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
8421cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
8431cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
8441cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)WinVerifyTrust
8451cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8461cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
8471cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
8481cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8491cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8501cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
8511cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
8521cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
8531cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
8541cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
8551cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
8561cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
8571cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8581cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
8591cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8601cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8611cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8621cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
8631cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
8641cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
8651cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8661cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
8671cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
8681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8691cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
8701cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
8711cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
8721cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8731cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8741cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8751cf0.15a0: supR3HardenedDllNotificationCallback: load 00000000746c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
8761cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
8771cf0.15a0: supR3HardenedDllNotificationCallback: load 0000000074620000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
8781cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
8791cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822e20000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
8801cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
8811cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8227b0000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
8821cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8831cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ffffe110000 LB 0x00538000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
8841cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8851cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
8861cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
8871cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
8881cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
8891cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8901cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8911cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8921cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8931cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8941cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8951cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8961cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8971cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
8981cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
8991cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9001cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9011cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9021cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9031cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9041cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9051cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9061cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9071cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9081cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9091cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9101cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9111cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9121cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9131cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9141cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9151cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9161cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9171cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9181cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9191cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9201cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9211cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9221cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9231cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9241cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9251cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9261cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9271cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9291cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9301cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9311cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9321cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9331cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9341cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9351cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9361cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9371cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffe110000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9381cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8201c0000 'C:\Windows\system32\Wintrust.dll'
9391cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
9401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
9411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
9421cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
9431cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9441cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9451cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
9461cf0.15a0: SUPR3HardenedMain: Load TrustedMain...
9471cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
9481cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9491cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9501cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9511cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9521cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
9531cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
9541cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
9551cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
9561cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
9571cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
9581cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
9591cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
9601cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
9611cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
9621cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
9631cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
9641cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
9651cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
9661cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9671cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
9691cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
9701cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
9711cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
9721cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
9731cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll)WinVerifyTrust
9741cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
9751cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
9761cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
9771cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
9781cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
9791cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
9801cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
9811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9821cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9831cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
9841cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
9851cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
9861cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
9871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9881cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9891cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
9901cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
9911cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
9921cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
9931cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9941cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
9951cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
9961cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
9971cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
9981cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
9991cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
10001cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10011cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
10021cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
10031cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
10041cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10051cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10061cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10071cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10081cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
10091cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
10101cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10111cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
10121cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10131cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10141cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10151cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10161cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10171cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
10181cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
10191cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
10201cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10211cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10221cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
10231cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
10241cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
10251cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10261cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10271cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
10281cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10291cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
10301cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
10311cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
10321cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)WinVerifyTrust
10331cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
10341cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10351cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10381cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
10391cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10401cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
10411cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
10421cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
10431cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
10441cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
10451cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
10461cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
10471cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
10481cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10491cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10501cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10511cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
10521cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
10531cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10551cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10561cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10571cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10581cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10591cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10601cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10611cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
10621cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10631cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
10641cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
10651cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
10661cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
10671cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10681cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10691cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10701cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10711cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10721cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10731cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10741cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10751cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10761cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10771cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10781cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10791cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10801cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10821cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10831cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10841cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10851cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
10861cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10881cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10891cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
10901cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
10911cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10921cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10931cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10941cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
10951cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10961cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10971cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
10981cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
10991cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11001cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
11011cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11021cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)WinVerifyTrust
11031cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
11041cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11051cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11061cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11071cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11081cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11091cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11101cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11111cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
11121cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11131cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
11141cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
11151cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
11161cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11171cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11181cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11191cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11201cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11211cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11221cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
11231cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
11241cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11251cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11261cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
11271cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
11281cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
11291cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)WinVerifyTrust
11301cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
11311cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11321cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11331cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
11341cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
11351cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
11361cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
11371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11381cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11391cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11401cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11411cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11421cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11431cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11441cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11451cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11461cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11471cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
11481cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
11491cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
11501cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
11511cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11521cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11531cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
11541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11551cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11561cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
11571cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
11581cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
11591cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
11601cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11611cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11621cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
11631cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
11641cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
11651cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
11661cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
11671cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
11681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
11691cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
11701cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11711cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11721cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
11731cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
11741cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
11751cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
11761cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
11771cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
11781cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
11791cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11801cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11811cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11821cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
11831cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
11841cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
11851cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11861cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
11871cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11881cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
11891cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11901cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11911cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
11921cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
11931cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
11941cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
11951cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
11961cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11971cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
11981cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
11991cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
12001cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
12011cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12021cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
12031cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12041cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
12051cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
12061cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
12071cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
12081cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
12091cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
12101cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
12111cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12121cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12131cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12141cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12151cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12161cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
12171cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12181cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12191cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
12201cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12211cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
12221cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
12231cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
12241cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
12251cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
12261cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
12271cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
12281cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12291cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12301cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
12311cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
12321cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
12331cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12341cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
12351cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
12361cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
12371cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
12381cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
12391cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12401cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12411cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
12421cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12431cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
12441cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12451cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
12461cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
12471cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12481cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12491cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
12501cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12511cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12521cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12531cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12551cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12561cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12571cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12581cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12591cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12601cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12611cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
12621cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
12631cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
12641cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12651cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12661cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
12671cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12681cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12691cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12701cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12711cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12721cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12731cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12741cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
12751cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
12761cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
12771cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
12781cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12791cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
12801cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
12811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12821cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12831cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
12841cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12851cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12861cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
12871cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12881cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
12891cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
12901cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
12911cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12921cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12931cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
12941cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
12951cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
12961cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
12971cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12981cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12991cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13001cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13011cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13021cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13031cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13041cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13051cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13061cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13071cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
13081cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13091cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13101cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
13111cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13121cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13131cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
13141cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13151cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13161cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
13171cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
13181cf0.15a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
13191cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13201cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13211cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13221cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
13231cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
13241cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
13251cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13261cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13271cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13281cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13291cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13301cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13311cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13321cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13331cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
13341cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13351cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
13371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
13381cf0.15a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
13391cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13401cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
13411cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13421cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
13431cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
13441cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13451cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13461cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13471cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13481cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13491cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13501cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13511cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13521cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13531cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13551cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13561cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
13571cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
13581cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
13591cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13601cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13611cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13621cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13631cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
13641cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13651cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13661cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
13671cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
13681cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
13691cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
13701cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
13711cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
13721cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
13731cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
13741cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
13751cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13761cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13771cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13781cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13791cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13801cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
13811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
13821cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
13831cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
13841cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
13851cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
13861cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
13871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
13881cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
13891cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
13901cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
13911cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13921cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13931cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
13941cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
13951cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
13961cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13971cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13981cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
13991cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14001cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14011cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14021cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14031cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14041cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
14051cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
14061cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
14071cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
14081cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
14091cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
14101cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14111cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14121cf0.15a0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14131cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14141cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
14151cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14161cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14171cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14181cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
14191cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14201cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
14211cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14221cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14231cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14241cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14251cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14261cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14271cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14281cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll)
14291cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
14301cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14311cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14321cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14331cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14341cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14351cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
14361cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
14371cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
14381cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820970000 LB 0x00177000 C:\Windows\system32\USER32.dll [fFlags=0x0]
14391cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8206d0000 LB 0x00151000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
14401cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81ce10000 LB 0x00009000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
14411cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
14421cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff817840000 LB 0x000f8000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
14431cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
14441cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81cb30000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
14451cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14461cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff817940000 LB 0x0012b000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14471cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14481cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8204b0000 LB 0x00211000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
14491cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14501cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822c20000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
14511cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14521cf0.15a0: supR3HardenedDllNotificationCallback: load 0000000074340000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
14531cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
14541cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822dc0000 LB 0x00054000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
14551cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14561cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff805630000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\COMCTL32.dll [fFlags=0x0]
14571cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [avoiding WinVerifyTrust]
14581cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff821290000 LB 0x01518000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
14591cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
14601cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81e320000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
14611cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
14621cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820ff0000 LB 0x000b6000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
14631cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
14641cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820f20000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
14651cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
14661cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822810000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
14671cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
14681cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff822970000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
14691cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
14701cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820050000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
14711cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
14721cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81ed70000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
14731cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
14741cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816210000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
14751cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14761cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816240000 LB 0x00022000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
14771cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
14781cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816640000 LB 0x00082000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14791cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14801cf0.15a0: supR3HardenedDllNotificationCallback: load 00000000739d0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
14811cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14821cf0.15a0: supR3HardenedDllNotificationCallback: load 00000000738c0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
14831cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
14841cf0.15a0: supR3HardenedDllNotificationCallback: load 00000000737e0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
14851cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14861cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ffffd890000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
14871cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
14881cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
14891cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
14901cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'.
14911cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll' [rescheduled]
14921cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
14931cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
14941cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
14951cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
14961cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
14971cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
14981cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
14991cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
15001cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
15011cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
15021cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
15031cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
15041cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15051cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15061cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
15071cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
15081cf0.15a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
15091cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
15101cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
15111cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
15121cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
15131cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
15141cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
15151cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
15161cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
15171cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
15181cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
15191cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15201cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15211cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
15221cf0.15a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15231cf0.15a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
15241cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15251cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15261cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15271cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15281cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15291cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15301cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15311cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15321cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
15331cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15341cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff822970000 'C:\Windows\system32\imm32.dll'
15351cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffd890000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
15361cf0.15a0: SUPR3HardenedMain: Calling TrustedMain (00007ffffd891ca0)...
15371cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
15381cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15391cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
15401cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15411cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
15421cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
15431cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
15441cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
15451cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
15461cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
15471cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15481cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15491cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
15501cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
15511cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll)WinVerifyTrust
15521cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15531cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15551cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15561cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15571cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15581cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15591cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15601cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15611cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81ebf0000 LB 0x00129000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
15621cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15631cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
15641cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15651cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15661cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
15671cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15681cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15691cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
15701cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
15711cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
15721cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
15731cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15741cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
15751cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
15761cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
15771cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
15781cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81e120000 LB 0x00021000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
15791cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
15801cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
15811cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
15821cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
15831cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
15841cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81edc0000 LB 0x0000b000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
15851cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
15861cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15881cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15891cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15901cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15911cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15921cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
15931cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15941cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15951cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15961cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15971cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
15981cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
15991cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
16001cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16011cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
16021cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
16031cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16041cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16051cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff821290000 'C:\Windows\system32\shell32.dll'
16061cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16071cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16081cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32\kernel32.dll'
16091cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16101cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16111cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
16121cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16131cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16141cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
16151cf0.15a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
16161cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16171cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
16181cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820970000 'C:\Windows\system32\user32.dll'
16191cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16201cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16211cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ebf0000 'C:\Windows\system32\uxtheme.dll'
16221cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820970000 'C:\Windows\system32\user32.dll'
16231cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16241cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16251cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff822b70000 'C:\Windows\system32\advapi32.dll'
16261cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16271cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
16281cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16291cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
16301cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
16311cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)WinVerifyTrust
16321cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
16331cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
16341cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
16351cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
16361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16381cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16391cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16411cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
16421cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81f570000 LB 0x00021000 C:\Windows\system32\userenv.dll [fFlags=0x0]
16431cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
16441cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f570000 'C:\Windows\system32\userenv.dll'
16451cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16461cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16471cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32\kernel32.dll'
16481cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16491cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16501cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
16511cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
16521cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff820c80000 LB 0x000b6000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
16531cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
16541cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16551cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16561cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16571cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16581cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16591cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
16601cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
16611cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16621cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16631cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16641cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820f20000 'C:\Windows\System32\oleaut32.dll'
16651cf0.15a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
16661cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
16671cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff81fe60000 LB 0x00099000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
16681cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
16691cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume4\Windows\System32\sxs.dll
16701cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
16711cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
16721cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
16731cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16741cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
16751cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_846_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\sxs.dll'
16761cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16771cf0.15a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
16781cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16791cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16801cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820f20000 'C:\Windows\system32\OLEAUT32.dll'
16811cf0.15a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
16821cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16831cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
16841cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8206d0000 'C:\Windows\system32\gdi32.dll'
16851cf0.2028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
16861cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16871cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16881cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
16891cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
16901cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
16911cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
16921cf0.2028: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
16931cf0.2028: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
16941cf0.2028: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
16951cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16961cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16971cf0.2028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16981cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16991cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17001cf0.2028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17011cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17021cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17031cf0.2028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
17041cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17051cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17061cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17071cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17081cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17091cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17101cf0.2028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
17111cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17121cf0.2028: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17131cf0.2028: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
17141cf0.2028: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17151cf0.2028: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17161cf0.2028: supR3HardenedDllNotificationCallback: load 00007ffffd0f0000 LB 0x004f9000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
17171cf0.2028: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
17181cf0.2028: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffd0f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
17191cf0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17201cf0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17211cf0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17221cf0.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17231cf0.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17241cf0.22c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
17251cf0.22c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17261cf0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17271cf0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17281cf0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17291cf0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17301cf0.22c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17311cf0.22c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17321cf0.22c0: supR3HardenedDllNotificationCallback: load 00007ff818c10000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
17331cf0.22c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
17341cf0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818c10000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
17351cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820970000 'C:\Windows\system32\user32.dll'
17361cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17371cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17381cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff822c20000 'C:\Windows\system32\ole32.dll'
17391cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
17401cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
17421cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
17431cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17441cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff822810000 'C:\Windows\system32\MSCTF.dll'
17451cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17461cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17471cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff822c20000 'C:\Windows\system32\ole32.dll'
17481cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17491cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17501cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820f20000 'C:\Windows\system32\OLEAUT32.dll'
17511cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
17521cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
17531cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
17541cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
17551cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17561cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
17571cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
17581cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17591cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17601cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
17611cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
17621cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
17631cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
17641cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
17651cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
17661cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
17671cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
17681cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
17691cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
17701cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
17711cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
17721cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
17731cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17741cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17751cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
17761cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll)WinVerifyTrust
17771cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
17781cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17791cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17801cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
17811cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17821cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17831cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17841cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17851cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
17861cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17871cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17881cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17891cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
17901cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
17911cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff818f50000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
17921cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
17931cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816e50000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
17941cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
17951cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17961cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8200a0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
17971cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816e50000 'C:\Windows\system32\wbem\wbemprox.dll'
17981cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
17991cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
18001cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
18011cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
18021cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18031cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
18041cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
18051cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18061cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18071cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18081cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
18091cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
18101cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18111cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18121cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18131cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18141cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18151cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
18161cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816a10000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
18171cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
18181cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816a10000 'C:\Windows\system32\wbem\wbemsvc.dll'
18191cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18201cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8200a0000 'api-ms-win-core-localization-l1-2-0.dll'
18211cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18221cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8200a0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
18231cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a4c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
18241cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
18251cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
18261cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
18271cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
18281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18291cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18301cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
18311cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
18321cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18331cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18341cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
18351cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
18361cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
18371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
18381cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
18391cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
18401cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18411cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18421cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18431cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18441cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
18451cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816a30000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
18461cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
18471cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816a30000 'C:\Windows\system32\wbem\fastprox.dll'
18481cf0.15a0: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll' [redir]
18491cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [redoing WinVerifyTrust]
18501cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e4 pwszName=\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
18511cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
18521cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
18531cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
18541cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18551cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
18561cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
18571cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18581cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
18591cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18601cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff805630000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
18611cf0.2654: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18621cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18631cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
18641cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18651cf0.2654: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
18661cf0.2654: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18671cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18681cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18691cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
18701cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
18711cf0.2654: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18721cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
18731cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
18741cf0.2654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
18751cf0.2654: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
18761cf0.2654: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18771cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18781cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18791cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18801cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18811cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
18821cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
18831cf0.2654: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18841cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18851cf0.2654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18861cf0.2654: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18871cf0.2654: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18881cf0.2654: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18891cf0.2654: supR3HardenedDllNotificationCallback: load 00000000736d0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
18901cf0.2654: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
18911cf0.2654: supR3HardenedDllNotificationCallback: load 00007ffff6980000 LB 0x00262000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
18921cf0.2654: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
18931cf0.2654: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6980000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
18941cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18951cf0.d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
18961cf0.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18971cf0.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
18981cf0.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18991cf0.d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19001cf0.d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
19011cf0.d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
19021cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19031cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19041cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19051cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19061cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
19071cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
19081cf0.d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
19091cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19101cf0.d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19111cf0.d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19121cf0.d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
19131cf0.d0: supR3HardenedDllNotificationCallback: load 00007ff817b70000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
19141cf0.d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
19151cf0.d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817b70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
19161cf0.24a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
19171cf0.24a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19181cf0.24a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
19191cf0.24a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
19201cf0.24a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
19211cf0.24a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19221cf0.24a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19231cf0.24a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19241cf0.24a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19251cf0.24a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19261cf0.24a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
19271cf0.24a8: supR3HardenedDllNotificationCallback: load 00007ff817b60000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
19281cf0.24a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
19291cf0.24a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817b60000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
19301cf0.2710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
19311cf0.2710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19321cf0.2710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19331cf0.2710: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19341cf0.2710: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
19351cf0.2710: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
19361cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19371cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19381cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19391cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19401cf0.2710: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19411cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19421cf0.2710: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19431cf0.2710: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19441cf0.2710: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
19451cf0.2710: supR3HardenedDllNotificationCallback: load 00007ff817a80000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
19461cf0.2710: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
19471cf0.2710: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817a80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
19481cf0.267c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
19491cf0.267c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19501cf0.267c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19511cf0.267c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19521cf0.267c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
19531cf0.267c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
19541cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19551cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19561cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19571cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19581cf0.267c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19591cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19601cf0.267c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19611cf0.267c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19621cf0.267c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
19631cf0.267c: supR3HardenedDllNotificationCallback: load 00007ff817740000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
19641cf0.267c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
19651cf0.267c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff817740000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
19661cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19671cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19681cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff821290000 'C:\Windows\system32/Shell32.dll'
19691cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
19701cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19711cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6980000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
19721cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
19731cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19741cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
19751cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19761cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
19771cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19781cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
19791cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
19801cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19811cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19821cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
19831cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19841cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19851cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
19861cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19871cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19881cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19891cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19901cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19911cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19921cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19931cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
19941cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff814760000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
19951cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
19961cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff814760000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
19971cf0.1530: supR3HardenedDllNotificationCallback: Unload 00007ff814760000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
19981cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
19991cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
20001cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20011cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20021cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20031cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
20041cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
20051cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
20061cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
20071cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
20081cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
20091cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
20101cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
20111cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
20121cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
20131cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
20141cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
20151cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
20161cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
20171cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
20181cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
20191cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
20201cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20211cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20221cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
20231cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
20241cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
20251cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
20261cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20271cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20281cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
20291cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
20301cf0.1530: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
20311cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20321cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
20331cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
20341cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
20351cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
20361cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
20371cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
20381cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
20391cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
20401cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
20411cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20421cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20431cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
20441cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
20451cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
20461cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20471cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
20481cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)WinVerifyTrust
20491cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
20501cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20511cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20521cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
20531cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
20541cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20551cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20561cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
20571cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20581cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20591cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
20601cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
20611cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
20621cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
20631cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20641cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
20651cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20661cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
20671cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
20681cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
20691cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
20701cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20711cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20721cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20731cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20741cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20751cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20761cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20771cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
20781cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
20791cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20801cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20811cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20821cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
20831cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
20841cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
20851cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
20861cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
20871cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20881cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20891cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
20901cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
20911cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20921cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20931cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20941cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20951cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20961cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
20971cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
20981cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c50 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
20991cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
21001cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
21011cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
21021cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21031cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
21041cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
21051cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21061cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21071cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21081cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21091cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21101cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
21111cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
21121cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
21131cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll)WinVerifyTrust
21141cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
21151cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21161cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21171cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21181cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21191cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21201cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21211cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21221cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21231cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21241cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
21251cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21261cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21271cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21281cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21291cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
21301cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21311cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
21321cf0.1530: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
21331cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
21341cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
21351cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21361cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21371cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21381cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21391cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21401cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21411cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21421cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21431cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21441cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
21451cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
21461cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
21471cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
21481cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
21491cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
21501cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21511cf0.1530: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
21521cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
21531cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff820d40000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
21541cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
21551cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81b1b0000 LB 0x00016000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
21561cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
21571cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff814950000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
21581cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
21591cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff809db0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
21601cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
21611cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff814760000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
21621cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
21631cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81b170000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
21641cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
21651cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81b180000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
21661cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
21671cf0.1530: supR3HardenedDllNotificationCallback: load 00007ffff60a0000 LB 0x008d2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
21681cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
21691cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff60a0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
21701cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c5c pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
21711cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
21721cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
21731cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
21741cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21751cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21761cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21771cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
21781cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
21791cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21801cf0.1530: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
21811cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21821cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
21831cf0.1530: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
21841cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21851cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
21861cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21871cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
21881cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff80c2d0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
21891cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
21901cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff80c2d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
21911cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21921cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
21931cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21941cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffffd0f0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
21951cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
21961cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
21971cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21981cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff814760000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
21991cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22001cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22011cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22021cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22031cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
22041cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
22051cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22061cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22071cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22081cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22091cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22101cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
22111cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff8152c0000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
22121cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
22131cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8152c0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
22141cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22151cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22161cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22171cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22181cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
22191cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
22201cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22211cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22221cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22231cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22241cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22251cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
22261cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff810670000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
22271cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
22281cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff810670000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
22291cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22301cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22311cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22321cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22331cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
22341cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
22351cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22361cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22371cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22381cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22391cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22401cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
22411cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff809d90000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
22421cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
22431cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff809d90000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
22441cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22451cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22461cf0.2220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22471cf0.2220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22481cf0.2220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22491cf0.2220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22501cf0.2220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
22511cf0.2220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
22521cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22531cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22541cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22551cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22561cf0.2220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22571cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22581cf0.2220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22591cf0.2220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22601cf0.2220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
22611cf0.2220: supR3HardenedDllNotificationCallback: load 00007ff8170c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
22621cf0.2220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
22631cf0.2220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8170c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
22641cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22651cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22661cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22671cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22681cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
22691cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
22701cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22711cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22721cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22731cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22741cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22751cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
22761cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff818a80000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
22771cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
22781cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff818a80000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
22791cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume4\Windows\System32\mswsock.dll
22801cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
22811cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
22821cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F5D0CFD7C59A53ECEE5E548E409683E758757285
22831cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
22841cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
22851cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\mswsock.dll'
22861cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22871cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
22881cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
22891cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll)WinVerifyTrust
22901cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22911cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22921cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22931cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22941cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22951cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22961cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22971cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
22981cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81f7e0000 LB 0x00059000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
22991cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
23001cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f7e0000 'C:\Windows\system32\mswsock.dll'
23011cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d5c pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
23021cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
23031cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
23041cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
23051cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23061cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23071cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
23081cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23091cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23101cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23111cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23121cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
23131cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
23141cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
23151cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll)WinVerifyTrust
23161cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
23171cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
23181cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
23191cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23201cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23211cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23221cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
23231cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)WinVerifyTrust
23241cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
23251cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
23261cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
23271cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23281cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23291cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23301cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23311cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23321cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23331cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23341cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23351cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23361cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23371cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23381cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23391cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23401cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23411cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
23421cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
23431cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81ff20000 LB 0x00046000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
23441cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
23451cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff8155d0000 LB 0x0009d000 C:\Windows\System32\dsound.dll [fFlags=0x0]
23461cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
23471cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
23481cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23491cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8155d0000 'C:\Windows\System32\dsound.dll'
23501cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8155d0000 'C:\Windows\System32\dsound.dll'
23511cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23521cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23531cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23541cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
23551cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
23561cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll)WinVerifyTrust
23571cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
23581cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
23591cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
23601cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
23611cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23621cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23631cf0.1530: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
23641cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23651cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23661cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23671cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23681cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23691cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
23701cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81d410000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
23711cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
23721cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d410000 'C:\Windows\System32\MMDevApi.dll'
23731cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
23741cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23751cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81d410000 'C:\Windows\system32\MMDEVAPI.DLL'
23761cf0.1e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23771cf0.1e98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
23781cf0.1e98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23791cf0.1e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23801cf0.1e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23811cf0.1e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23821cf0.1e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
23831cf0.1e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
23841cf0.1e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
23851cf0.1e98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll)WinVerifyTrust
23861cf0.1e98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
23871cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23881cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23891cf0.1e98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
23901cf0.1e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
23911cf0.1e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
23921cf0.1e98: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
23931cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
23941cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
23951cf0.1e98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
23961cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23971cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23981cf0.1e98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23991cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24001cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24011cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24021cf0.1e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24031cf0.1e98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24041cf0.1e98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
24051cf0.1e98: supR3HardenedDllNotificationCallback: load 00007ff811520000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
24061cf0.1e98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
24071cf0.1e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff811520000 'C:\Windows\system32\AUDIOSES.DLL'
24081cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24091cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24101cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
24111cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dcc pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24121cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
24131cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
24141cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
24151cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
24161cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
24171cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
24181cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24191cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24201cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
24211cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
24221cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
24231cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
24241cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
24251cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv)WinVerifyTrust
24261cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24271cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
24281cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
24291cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
24301cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
24311cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll)WinVerifyTrust
24321cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
24331cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
24341cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
24351cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
24361cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
24371cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24381cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll)WinVerifyTrust
24391cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
24401cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24411cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
24421cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24431cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24441cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24451cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
24461cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
24471cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
24481cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24491cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24501cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24511cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24521cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24531cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24541cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
24551cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
24561cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81aa30000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
24571cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
24581cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81def0000 LB 0x0000c000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
24591cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
24601cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81ab50000 LB 0x0003e000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
24611cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24621cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24631cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24641cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24651cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24661cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24671cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24681cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24691cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24701cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24711cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24721cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24731cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24741cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24751cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24761cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24771cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24781cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24791cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24801cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24811cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24821cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24831cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24841cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24851cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24861cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24871cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24881cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
24891cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24901cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24911cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24921cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24931cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24941cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24951cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24961cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24971cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24981cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
24991cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
25001cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
25011cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81ab50000 'C:\Windows\system32\wdmaud.drv'
25021cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
25031cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
25041cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
25051cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
25061cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
25071cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
25081cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
25091cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25101cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25111cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25121cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
25131cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
25141cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
25151cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv)WinVerifyTrust
25161cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25171cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
25181cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
25191cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
25201cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
25211cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
25221cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
25231cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
25241cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25251cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll)WinVerifyTrust
25261cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
25271cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25281cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25291cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25301cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25311cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25321cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25331cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25341cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25351cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25361cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25371cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25381cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
25391cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff818c70000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
25401cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
25411cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81cb10000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
25421cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25431cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25441cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25451cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25461cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25471cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25481cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25491cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25501cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25511cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25521cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25531cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25541cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25551cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25561cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25571cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25581cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25591cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
25601cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25611cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25621cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25631cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25641cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81cb10000 'C:\Windows\system32\msacm32.drv'
25651cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd0 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
25661cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
25671cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
25681cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
25691cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
25701cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
25711cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
25721cf0.1530: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25731cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25741cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
25751cf0.1530: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
25761cf0.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll)WinVerifyTrust
25771cf0.1530: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
25781cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25791cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25801cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25811cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25821cf0.1530: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
25831cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25841cf0.1530: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25851cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25861cf0.1530: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
25871cf0.1530: supR3HardenedDllNotificationCallback: load 00007ff81b4b0000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
25881cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
25891cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b4b0000 'C:\Windows\system32\midimap.dll'
25901cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
25911cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25921cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b4b0000 'C:\Windows\system32\midimap.dll'
25931cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
25941cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25951cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b4b0000 'C:\Windows\system32\midimap.dll'
25961cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
25971cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25981cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81b4b0000 'C:\Windows\system32\midimap.dll'
25991cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26001cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26011cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26021cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26031cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26041cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26051cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
26061cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26071cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26081cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26091cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26101cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26111cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26121cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26131cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26141cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26151cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26161cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26171cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26181cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816240000 'C:\Windows\system32\winmm.dll'
26191cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff6980000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26201cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
26211cf0.1530: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
26221cf0.1530: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26231cf0.1530: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820830000 'C:\Windows\system32/kernel32.dll'
26241cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f74 pwszName=\Device\HarddiskVolume4\Windows\System32\mscms.dll
26251cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
26261cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
26271cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C01A2E8CE3347A322BF0830A5BC147EBA8BAD06F
26281cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
26291cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
26301cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\mscms.dll'
26311cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26321cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26331cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
26341cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mscms.dll)WinVerifyTrust
26351cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mscms.dll
26361cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
26371cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
26381cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
26391cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26401cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26411cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26421cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
26431cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff8091d0000 LB 0x00092000 C:\Windows\system32\mscms.dll [fFlags=0x0]
26441cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
26451cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8091d0000 'C:\Windows\system32\mscms.dll'
26461cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000688 pwszName=\Device\HarddiskVolume4\Windows\System32\icm32.dll
26471cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ccfe0
26481cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ccfe0
26491cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47D46A3D26A83E75181F440594F6DC145125C84E
26501cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81f4b0000 'C:\Windows\system32\rsaenh.dll'
26511cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff820220000 'C:\Windows\system32\crypt32.dll'
26521cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\icm32.dll'
26531cf0.15a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26541cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26551cf0.15a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
26561cf0.15a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\icm32.dll)WinVerifyTrust
26571cf0.15a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\icm32.dll
26581cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
26591cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume4\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
26601cf0.15a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
26611cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26621cf0.15a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26631cf0.15a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26641cf0.15a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\icm32.dll
26651cf0.15a0: supR3HardenedDllNotificationCallback: load 00007ff816750000 LB 0x00041000 C:\Windows\system32\icm32.dll [fFlags=0x0]
26661cf0.15a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\icm32.dll
26671cf0.15a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff816750000 'C:\Windows\system32\icm32.dll'
26681cf0.664: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
26691cf0.664: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26701cf0.664: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff81def0000 'C:\Windows\system32\avrt.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy