VirtualBox

Ticket #14694: VBoxHardening.log

File VBoxHardening.log, 376.8 KB (added by zburns, 9 years ago)
Line 
11e00.2090: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000
21e00.2090: \SystemRoot\System32\ntdll.dll:
31e00.2090: CreationTime: 2015-08-20T23:20:59.070821600Z
41e00.2090: LastWriteTime: 2015-08-08T07:29:58.168349600Z
51e00.2090: ChangeTime: 2015-08-21T10:30:50.420447700Z
61e00.2090: FileAttributes: 0x20
71e00.2090: Size: 0x1bce48
81e00.2090: NT Headers: 0xd8
91e00.2090: Timestamp: 0x55c59f92
101e00.2090: Machine: 0x8664 - amd64
111e00.2090: Timestamp: 0x55c59f92
121e00.2090: Image Version: 10.0
131e00.2090: SizeOfImage: 0x1c1000 (1839104)
141e00.2090: Resource Dir: 0x15a000 LB 0x65718
151e00.2090: ProductName: Microsoft® Windows® Operating System
161e00.2090: ProductVersion: 10.0.10240.16430
171e00.2090: FileVersion: 10.0.10240.16430 (th1.150807-2049)
181e00.2090: FileDescription: NT Layer DLL
191e00.2090: \SystemRoot\System32\kernel32.dll:
201e00.2090: CreationTime: 2015-07-10T10:59:59.699781600Z
211e00.2090: LastWriteTime: 2015-07-10T10:59:59.699781600Z
221e00.2090: ChangeTime: 2015-10-13T23:39:05.537198800Z
231e00.2090: FileAttributes: 0x20
241e00.2090: Size: 0xab830
251e00.2090: NT Headers: 0xf0
261e00.2090: Timestamp: 0x559f38ad
271e00.2090: Machine: 0x8664 - amd64
281e00.2090: Timestamp: 0x559f38ad
291e00.2090: Image Version: 10.0
301e00.2090: SizeOfImage: 0xad000 (708608)
311e00.2090: Resource Dir: 0xab000 LB 0x518
321e00.2090: ProductName: Microsoft® Windows® Operating System
331e00.2090: ProductVersion: 10.0.10240.16384
341e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700)
351e00.2090: FileDescription: Windows NT BASE API Client DLL
361e00.2090: \SystemRoot\System32\KernelBase.dll:
371e00.2090: CreationTime: 2015-07-10T11:00:10.325689700Z
381e00.2090: LastWriteTime: 2015-07-10T11:00:10.325689700Z
391e00.2090: ChangeTime: 2015-10-13T23:39:05.865323100Z
401e00.2090: FileAttributes: 0x20
411e00.2090: Size: 0x1dc680
421e00.2090: NT Headers: 0x100
431e00.2090: Timestamp: 0x559f38c3
441e00.2090: Machine: 0x8664 - amd64
451e00.2090: Timestamp: 0x559f38c3
461e00.2090: Image Version: 10.0
471e00.2090: SizeOfImage: 0x1dd000 (1953792)
481e00.2090: Resource Dir: 0x1c7000 LB 0x530
491e00.2090: ProductName: Microsoft® Windows® Operating System
501e00.2090: ProductVersion: 10.0.10240.16384
511e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700)
521e00.2090: FileDescription: Windows NT BASE API Client DLL
531e00.2090: \SystemRoot\System32\apisetschema.dll:
541e00.2090: CreationTime: 2015-07-10T11:00:04.872098600Z
551e00.2090: LastWriteTime: 2015-07-10T11:00:04.872098600Z
561e00.2090: ChangeTime: 2015-08-21T03:35:07.893781700Z
571e00.2090: FileAttributes: 0x20
581e00.2090: Size: 0x16760
591e00.2090: NT Headers: 0xc8
601e00.2090: Timestamp: 0x559f3e3d
611e00.2090: Machine: 0x8664 - amd64
621e00.2090: Timestamp: 0x559f3e3d
631e00.2090: Image Version: 10.0
641e00.2090: SizeOfImage: 0x17000 (94208)
651e00.2090: Resource Dir: 0x16000 LB 0x3f0
661e00.2090: ProductName: Microsoft® Windows® Operating System
671e00.2090: ProductVersion: 10.0.10240.16384
681e00.2090: FileVersion: 10.0.10240.16384 (th1.150709-1700)
691e00.2090: FileDescription: ApiSet Schema DLL
701e00.2090: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711e00.2090: supR3HardenedWinFindAdversaries: 0x0
721e00.2090: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
731e00.2090: Calling main()
741e00.2090: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
751e00.2090: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
761e00.2090: SUPR3HardenedMain: Respawn #1
771e00.2090: System32: \Device\HarddiskVolume4\Windows\System32
781e00.2090: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
791e00.2090: KnownDllPath: C:\Windows\system32
801e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
811e00.2090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
821e00.2090: supR3HardNtEnableThreadCreation:
831e00.2090: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
841e00.2090: supR3HardenedWinDoReSpawn(1): New child 17d4.18f8 [kernel32].
851e00.2090: supR3HardNtChildGatherData: PebBaseAddress=00007ff674c0a000 cbPeb=0x388
861e00.2090: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000
871e00.2090: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70
881e00.2090: supR3HardenedWinSetupChildInit: Start child.
891e00.2090: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
901e00.2090: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 21 sleeps
911e00.2090: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
921e00.2090: *0000000000000000-ffffffffff00ffff 0x0001/0x0000 0x0000000
931e00.2090: *0000000000ff0000-0000000000fcffff 0x0004/0x0004 0x0020000
941e00.2090: *0000000001010000-0000000000ffbfff 0x0002/0x0002 0x0040000
951e00.2090: 0000000001024000-0000000001017fff 0x0001/0x0000 0x0000000
961e00.2090: *0000000001030000-0000000000f33fff 0x0000/0x0004 0x0020000
971e00.2090: 000000000112c000-0000000001128fff 0x0104/0x0004 0x0020000
981e00.2090: 000000000112f000-000000000112dfff 0x0004/0x0004 0x0020000
991e00.2090: *0000000001130000-000000000112bfff 0x0002/0x0002 0x0040000
1001e00.2090: 0000000001134000-0000000001127fff 0x0001/0x0000 0x0000000
1011e00.2090: *0000000001140000-000000000113dfff 0x0004/0x0004 0x0020000
1021e00.2090: 0000000001142000-ffffffff822a3fff 0x0001/0x0000 0x0000000
1031e00.2090: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1041e00.2090: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1051e00.2090: 000000007fff0000-ffff800a8b3fffff 0x0001/0x0000 0x0000000
1061e00.2090: *00007ff674be0000-00007ff674bbcfff 0x0002/0x0002 0x0040000
1071e00.2090: 00007ff674c03000-00007ff674bfbfff 0x0001/0x0000 0x0000000
1081e00.2090: *00007ff674c0a000-00007ff674c08fff 0x0004/0x0004 0x0020000
1091e00.2090: 00007ff674c0b000-00007ff674c07fff 0x0001/0x0000 0x0000000
1101e00.2090: *00007ff674c0e000-00007ff674c0bfff 0x0004/0x0004 0x0020000
1111e00.2090: 00007ff674c10000-00007ff67423ffff 0x0001/0x0000 0x0000000
1121e00.2090: *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131e00.2090: 00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141e00.2090: 00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1151e00.2090: 00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1161e00.2090: 00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1171e00.2090: 00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1181e00.2090: 00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1191e00.2090: 00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201e00.2090: 00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211e00.2090: 00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221e00.2090: 00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231e00.2090: 00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000
1241e00.2090: *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1251e00.2090: 00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1261e00.2090: 00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1271e00.2090: 00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1281e00.2090: 00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1291e00.2090: 00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1301e00.2090: 00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1311e00.2090: 00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1321e00.2090: 00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000
1331e00.2090: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1341e00.2090: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
1351e00.2090: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1361e00.2090: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1371e00.2090: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
13817d4.18f8: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
13917d4.18f8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000
1401e00.2090: supR3HardNtEnableThreadCreation:
14117d4.18f8: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
14217d4.18f8: New simple heap: #1 0000000001250000 LB 0x400000 (for 1839104 allocation)
14317d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
14417d4.18f8: System32: \Device\HarddiskVolume4\Windows\System32
14517d4.18f8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
14617d4.18f8: KnownDllPath: C:\Windows\system32
14717d4.18f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14817d4.18f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14917d4.18f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15017d4.18f8: Registered Dll notification callback with NTDLL.
15117d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
15217d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
15317d4.18f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
15417d4.18f8: supR3HardenedDllNotificationCallback: load 00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
15517d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
15617d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
15717d4.18f8: supR3HardenedDllNotificationCallback: load 00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
15817d4.18f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15917d4.18f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL'
16017d4.18f8: supR3HardenedDllNotificationCallback: load 00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16117d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
16217d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
16317d4.18f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
16417d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
1651e00.2090: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
16617d4.18f8: \SystemRoot\System32\ntdll.dll:
16717d4.18f8: CreationTime: 2015-08-20T23:20:59.070821600Z
16817d4.18f8: LastWriteTime: 2015-08-08T07:29:58.168349600Z
16917d4.18f8: ChangeTime: 2015-08-21T10:30:50.420447700Z
17017d4.18f8: FileAttributes: 0x20
17117d4.18f8: Size: 0x1bce48
17217d4.18f8: NT Headers: 0xd8
17317d4.18f8: Timestamp: 0x55c59f92
17417d4.18f8: Machine: 0x8664 - amd64
17517d4.18f8: Timestamp: 0x55c59f92
17617d4.18f8: Image Version: 10.0
17717d4.18f8: SizeOfImage: 0x1c1000 (1839104)
17817d4.18f8: Resource Dir: 0x15a000 LB 0x65718
17917d4.18f8: ProductName: Microsoft® Windows® Operating System
18017d4.18f8: ProductVersion: 10.0.10240.16430
18117d4.18f8: FileVersion: 10.0.10240.16430 (th1.150807-2049)
18217d4.18f8: FileDescription: NT Layer DLL
18317d4.18f8: \SystemRoot\System32\kernel32.dll:
18417d4.18f8: CreationTime: 2015-07-10T10:59:59.699781600Z
18517d4.18f8: LastWriteTime: 2015-07-10T10:59:59.699781600Z
18617d4.18f8: ChangeTime: 2015-10-13T23:39:05.537198800Z
18717d4.18f8: FileAttributes: 0x20
18817d4.18f8: Size: 0xab830
18917d4.18f8: NT Headers: 0xf0
19017d4.18f8: Timestamp: 0x559f38ad
19117d4.18f8: Machine: 0x8664 - amd64
19217d4.18f8: Timestamp: 0x559f38ad
19317d4.18f8: Image Version: 10.0
19417d4.18f8: SizeOfImage: 0xad000 (708608)
19517d4.18f8: Resource Dir: 0xab000 LB 0x518
19617d4.18f8: ProductName: Microsoft® Windows® Operating System
19717d4.18f8: ProductVersion: 10.0.10240.16384
19817d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700)
19917d4.18f8: FileDescription: Windows NT BASE API Client DLL
20017d4.18f8: \SystemRoot\System32\KernelBase.dll:
20117d4.18f8: CreationTime: 2015-07-10T11:00:10.325689700Z
20217d4.18f8: LastWriteTime: 2015-07-10T11:00:10.325689700Z
20317d4.18f8: ChangeTime: 2015-10-13T23:39:05.865323100Z
20417d4.18f8: FileAttributes: 0x20
20517d4.18f8: Size: 0x1dc680
20617d4.18f8: NT Headers: 0x100
20717d4.18f8: Timestamp: 0x559f38c3
20817d4.18f8: Machine: 0x8664 - amd64
20917d4.18f8: Timestamp: 0x559f38c3
21017d4.18f8: Image Version: 10.0
21117d4.18f8: SizeOfImage: 0x1dd000 (1953792)
21217d4.18f8: Resource Dir: 0x1c7000 LB 0x530
21317d4.18f8: ProductName: Microsoft® Windows® Operating System
21417d4.18f8: ProductVersion: 10.0.10240.16384
21517d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700)
21617d4.18f8: FileDescription: Windows NT BASE API Client DLL
21717d4.18f8: \SystemRoot\System32\apisetschema.dll:
21817d4.18f8: CreationTime: 2015-07-10T11:00:04.872098600Z
21917d4.18f8: LastWriteTime: 2015-07-10T11:00:04.872098600Z
22017d4.18f8: ChangeTime: 2015-08-21T03:35:07.893781700Z
22117d4.18f8: FileAttributes: 0x20
22217d4.18f8: Size: 0x16760
22317d4.18f8: NT Headers: 0xc8
22417d4.18f8: Timestamp: 0x559f3e3d
22517d4.18f8: Machine: 0x8664 - amd64
22617d4.18f8: Timestamp: 0x559f3e3d
22717d4.18f8: Image Version: 10.0
22817d4.18f8: SizeOfImage: 0x17000 (94208)
22917d4.18f8: Resource Dir: 0x16000 LB 0x3f0
23017d4.18f8: ProductName: Microsoft® Windows® Operating System
23117d4.18f8: ProductVersion: 10.0.10240.16384
23217d4.18f8: FileVersion: 10.0.10240.16384 (th1.150709-1700)
23317d4.18f8: FileDescription: ApiSet Schema DLL
23417d4.18f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
23517d4.18f8: supR3HardenedWinFindAdversaries: 0x0
23617d4.18f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
23717d4.18f8: Calling main()
23817d4.18f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23917d4.18f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
24017d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
24117d4.18f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
24217d4.18f8: SUPR3HardenedMain: Respawn #2
24317d4.18f8: supR3HardNtEnableThreadCreation:
24417d4.18f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
24517d4.18f8: supR3HardenedWinDoReSpawn(2): New child 130c.1f0c [kernel32].
24617d4.18f8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
24717d4.18f8: supR3HardNtChildGatherData: PebBaseAddress=00007ff674633000 cbPeb=0x388
24817d4.18f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffad44d0000 uNtDllChildAddr=00007ffad44d0000
24917d4.18f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffad453fb70
25017d4.18f8: supR3HardenedWinSetupChildInit: Start child.
25117d4.18f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
25217d4.18f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 22 sleeps
25317d4.18f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
25417d4.18f8: *0000000000000000-ffffffffff7dffff 0x0001/0x0000 0x0000000
25517d4.18f8: *0000000000820000-00000000007fffff 0x0004/0x0004 0x0020000
25617d4.18f8: *0000000000840000-000000000082bfff 0x0002/0x0002 0x0040000
25717d4.18f8: 0000000000854000-0000000000847fff 0x0001/0x0000 0x0000000
25817d4.18f8: *0000000000860000-0000000000763fff 0x0000/0x0004 0x0020000
25917d4.18f8: 000000000095c000-0000000000958fff 0x0104/0x0004 0x0020000
26017d4.18f8: 000000000095f000-000000000095dfff 0x0004/0x0004 0x0020000
26117d4.18f8: *0000000000960000-000000000095bfff 0x0002/0x0002 0x0040000
26217d4.18f8: 0000000000964000-0000000000957fff 0x0001/0x0000 0x0000000
26317d4.18f8: *0000000000970000-000000000096dfff 0x0004/0x0004 0x0020000
26417d4.18f8: 0000000000972000-ffffffff81303fff 0x0001/0x0000 0x0000000
26517d4.18f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
26617d4.18f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
26717d4.18f8: 000000007fff0000-ffff800a8b9cffff 0x0001/0x0000 0x0000000
26817d4.18f8: *00007ff674610000-00007ff6745ecfff 0x0002/0x0002 0x0040000
26917d4.18f8: *00007ff674633000-00007ff674631fff 0x0004/0x0004 0x0020000
27017d4.18f8: 00007ff674634000-00007ff674629fff 0x0001/0x0000 0x0000000
27117d4.18f8: *00007ff67463e000-00007ff67463bfff 0x0004/0x0004 0x0020000
27217d4.18f8: 00007ff674640000-00007ff67369ffff 0x0001/0x0000 0x0000000
27317d4.18f8: *00007ff6755e0000-00007ff6755e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27417d4.18f8: 00007ff6755e1000-00007ff675667fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27517d4.18f8: 00007ff675668000-00007ff675668fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27617d4.18f8: 00007ff675669000-00007ff6756b3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27717d4.18f8: 00007ff6756b4000-00007ff6756b4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27817d4.18f8: 00007ff6756b5000-00007ff6756b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
27917d4.18f8: 00007ff6756b6000-00007ff6756bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
28017d4.18f8: 00007ff6756bb000-00007ff6756bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
28117d4.18f8: 00007ff6756bc000-00007ff6756bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
28217d4.18f8: 00007ff6756bd000-00007ff6756c0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
28317d4.18f8: 00007ff6756c1000-00007ff67570bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
28417d4.18f8: 00007ff67570c000-00007ff216947fff 0x0001/0x0000 0x0000000
28517d4.18f8: *00007ffad44d0000-00007ffad44d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28617d4.18f8: 00007ffad44d1000-00007ffad45ccfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28717d4.18f8: 00007ffad45cd000-00007ffad460efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28817d4.18f8: 00007ffad460f000-00007ffad4617fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
28917d4.18f8: 00007ffad4618000-00007ffad4625fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
29017d4.18f8: 00007ffad4626000-00007ffad4626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
29117d4.18f8: 00007ffad4627000-00007ffad4629fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
29217d4.18f8: 00007ffad462a000-00007ffad4690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
29317d4.18f8: 00007ffad4691000-00007ff5a8d41fff 0x0001/0x0000 0x0000000
29417d4.18f8: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
29517d4.18f8: VirtualBox.exe: timestamp 0x561faefe (rc=VINF_SUCCESS)
29617d4.18f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29717d4.18f8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
29817d4.18f8: supR3HardNtChildPurify: Done after 295 ms and 0 fixes (loop #0).
299130c.1f0c: Log file opened: 5.0.8r103449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
300130c.1f0c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffad44d0000
30117d4.18f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000)
302130c.1f0c: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS)
303130c.1f0c: New simple heap: #1 0000000000a80000 LB 0x400000 (for 1839104 allocation)
30417d4.18f8: supR3HardNtEnableThreadCreation:
305130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
306130c.1f0c: System32: \Device\HarddiskVolume4\Windows\System32
307130c.1f0c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
308130c.1f0c: KnownDllPath: C:\Windows\system32
309130c.1f0c: supR3HardenedVmProcessInit: Opening vboxdrv...
310130c.1f0c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
311130c.1f0c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
312130c.1f0c: Registered Dll notification callback with NTDLL.
313130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
314130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
315130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
316130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1900000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
317130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
318130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
319130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4420000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
320130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
321130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\KERNEL32.DLL'
322130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ff6755e0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
323130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
324130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
325130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
326130c.1f0c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffad453fb70 pvNtTerminateThread=00007ffad4563a20
32717d4.18f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
328130c.1f0c: \SystemRoot\System32\ntdll.dll:
329130c.1f0c: CreationTime: 2015-08-20T23:20:59.070821600Z
330130c.1f0c: LastWriteTime: 2015-08-08T07:29:58.168349600Z
331130c.1f0c: ChangeTime: 2015-08-21T10:30:50.420447700Z
332130c.1f0c: FileAttributes: 0x20
333130c.1f0c: Size: 0x1bce48
334130c.1f0c: NT Headers: 0xd8
335130c.1f0c: Timestamp: 0x55c59f92
336130c.1f0c: Machine: 0x8664 - amd64
337130c.1f0c: Timestamp: 0x55c59f92
338130c.1f0c: Image Version: 10.0
339130c.1f0c: SizeOfImage: 0x1c1000 (1839104)
340130c.1f0c: Resource Dir: 0x15a000 LB 0x65718
341130c.1f0c: ProductName: Microsoft® Windows® Operating System
342130c.1f0c: ProductVersion: 10.0.10240.16430
343130c.1f0c: FileVersion: 10.0.10240.16430 (th1.150807-2049)
344130c.1f0c: FileDescription: NT Layer DLL
345130c.1f0c: \SystemRoot\System32\kernel32.dll:
346130c.1f0c: CreationTime: 2015-07-10T10:59:59.699781600Z
347130c.1f0c: LastWriteTime: 2015-07-10T10:59:59.699781600Z
348130c.1f0c: ChangeTime: 2015-10-13T23:39:05.537198800Z
349130c.1f0c: FileAttributes: 0x20
350130c.1f0c: Size: 0xab830
351130c.1f0c: NT Headers: 0xf0
352130c.1f0c: Timestamp: 0x559f38ad
353130c.1f0c: Machine: 0x8664 - amd64
354130c.1f0c: Timestamp: 0x559f38ad
355130c.1f0c: Image Version: 10.0
356130c.1f0c: SizeOfImage: 0xad000 (708608)
357130c.1f0c: Resource Dir: 0xab000 LB 0x518
358130c.1f0c: ProductName: Microsoft® Windows® Operating System
359130c.1f0c: ProductVersion: 10.0.10240.16384
360130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
361130c.1f0c: FileDescription: Windows NT BASE API Client DLL
362130c.1f0c: \SystemRoot\System32\KernelBase.dll:
363130c.1f0c: CreationTime: 2015-07-10T11:00:10.325689700Z
364130c.1f0c: LastWriteTime: 2015-07-10T11:00:10.325689700Z
365130c.1f0c: ChangeTime: 2015-10-13T23:39:05.865323100Z
366130c.1f0c: FileAttributes: 0x20
367130c.1f0c: Size: 0x1dc680
368130c.1f0c: NT Headers: 0x100
369130c.1f0c: Timestamp: 0x559f38c3
370130c.1f0c: Machine: 0x8664 - amd64
371130c.1f0c: Timestamp: 0x559f38c3
372130c.1f0c: Image Version: 10.0
373130c.1f0c: SizeOfImage: 0x1dd000 (1953792)
374130c.1f0c: Resource Dir: 0x1c7000 LB 0x530
375130c.1f0c: ProductName: Microsoft® Windows® Operating System
376130c.1f0c: ProductVersion: 10.0.10240.16384
377130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
378130c.1f0c: FileDescription: Windows NT BASE API Client DLL
379130c.1f0c: \SystemRoot\System32\apisetschema.dll:
380130c.1f0c: CreationTime: 2015-07-10T11:00:04.872098600Z
381130c.1f0c: LastWriteTime: 2015-07-10T11:00:04.872098600Z
382130c.1f0c: ChangeTime: 2015-08-21T03:35:07.893781700Z
383130c.1f0c: FileAttributes: 0x20
384130c.1f0c: Size: 0x16760
385130c.1f0c: NT Headers: 0xc8
386130c.1f0c: Timestamp: 0x559f3e3d
387130c.1f0c: Machine: 0x8664 - amd64
388130c.1f0c: Timestamp: 0x559f3e3d
389130c.1f0c: Image Version: 10.0
390130c.1f0c: SizeOfImage: 0x17000 (94208)
391130c.1f0c: Resource Dir: 0x16000 LB 0x3f0
392130c.1f0c: ProductName: Microsoft® Windows® Operating System
393130c.1f0c: ProductVersion: 10.0.10240.16384
394130c.1f0c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
395130c.1f0c: FileDescription: ApiSet Schema DLL
396130c.1f0c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
397130c.1f0c: supR3HardenedWinFindAdversaries: 0x0
398130c.1f0c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
399130c.1f0c: Calling main()
400130c.1f0c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
401130c.1f0c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
402130c.1f0c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
403130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
404130c.1f0c: SUPR3HardenedMain: Final process, opening VBoxDrv...
405130c.1f0c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a80000 LB 0x400000)
406130c.1f0c: supR3HardNtEnableThreadCreation:
407130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
408130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
409130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
410130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
411130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac91f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
412130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
413130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
414130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
415130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
416130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
417130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
418130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
419130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
420130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
421130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
422130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
423130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
424130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
425130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
426130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
427130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
428130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
429130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
430130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
431130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
432130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
433130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
434130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
435130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
436130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
437130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
438130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
439130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
440130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
441130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
442130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
443130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
444130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
445130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
446130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
447130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
448130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
449130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
450130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
451130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3cb0000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
452130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
453130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f50000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
454130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
455130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1000000 LB 0x001c1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
456130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
457130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4000000 LB 0x00126000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
458130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
459130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0fa0000 LB 0x00054000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
460130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
461130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll'
462130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
463130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
464130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
465130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
466130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0e30000 LB 0x00028000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
467130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
468130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0e30000 'C:\Windows\system32\bcrypt.dll'
469130c.1f0c: bcrypt.dll loaded at 00007ffad0e30000, BCryptOpenAlgorithmProvider at 00007ffad0e34a00, preloading providers:
470130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
471130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
472130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
473130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
474130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0cc0000 LB 0x0006b000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
475130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
476130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0cc0000 'C:\Windows\system32\bcryptprimitives.dll'
477130c.1f0c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e8a730)
478130c.1f0c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e8adf0)
479130c.1f0c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e8b0c0)
480130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e8b420)
481130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e8bf40)
482130c.1f0c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e8c250)
483130c.1f0c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e8c560)
484130c.1f0c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e8c830)
485130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
486130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
487130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
488130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
489130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
490130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
491130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
492130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
493130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
494130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
495130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
496130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
497130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
498130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
499130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
500130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
501130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
502130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
503130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
504130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
505130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
506130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
507130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
508130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
509130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0460000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
510130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
511130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
512130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
513130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
514130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
515130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
516130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
517130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
518130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
519130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
520130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
521130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
522130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad00b0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
523130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
524130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
525130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
526130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
527130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
528130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad05d0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
529130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
530130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
531130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
532130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
533130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
534130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
535130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
536130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
537130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
538130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
539130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
540130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\CRYPT32.dll'
541130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3400000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
542130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
543130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
544130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
545130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
546130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
547130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
548130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
549130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
550130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
551130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad31f0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
552130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
553130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
554130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
555130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
556130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
557130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
558130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
559130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacf520000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
560130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
561130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f80000 LB 0x00013000 C:\Windows\system32\profapi.dll [fFlags=0x0]
562130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
563130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
564130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
565130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
566130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
567130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
568130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
569130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
570130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
571130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
572130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
573130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
574130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
575130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
576130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
577130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
578130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
579130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
580130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
581130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
582130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
583130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
584130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
585130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
586130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
587130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
588130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
589130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
590130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
591130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
592130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
593130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
594130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1bb0000 LB 0x0005b000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
595130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
596130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac2630000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
597130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
598130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
599130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
600130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
601130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
602130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
603130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
604130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
605130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
606130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
607130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
608130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
609130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
610130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
611130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
612130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
613130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
614130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
615130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
616130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
617130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
618130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
619130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
620130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
621130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
622130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
623130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
624130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
625130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
626130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\system32\cryptnet.dll'
627130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
628130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2630000 'C:\Windows\System32\cryptnet.dll'
629130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad37d0000 LB 0x000a6000 C:\Windows\system32\advapi32.dll [fFlags=0x0]
630130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
631130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
632130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
633130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
634130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
635130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
636130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
637130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
638130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
639130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
640130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
641130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
642130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
643130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
644130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
645130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
646130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
647130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
648130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
649130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
650130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
651130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ec0cc0
652130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
653130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36
654130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
655130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
656130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4000000 'C:\Windows\system32\rpcrt4.dll'
657130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
658130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
659130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
660130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
661130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
662130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
663130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
664130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
665130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
666130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
667130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
668130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
669130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
670130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
671130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\System32\WINTRUST.DLL'
672130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
673130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
674130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
675130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
676130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
677130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
678130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_555_for_KB3081455~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
679130c.1f0c: g_pfnWinVerifyTrust=00007ffad0fa8890
680130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
681130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
682130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
683130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
684130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
685130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
686130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
687130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
688130c.1f0c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
689130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
690130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
691130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
692130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
693130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
694130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
695130c.1f0c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
696130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
697130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
698130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
699130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
700130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
701130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
702130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
703130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
704130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
705130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
706130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
707130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
708130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
709130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
710130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
711130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
712130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
713130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
714130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
715130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
716130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
717130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
718130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
719130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
720130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
721130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
722130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
723130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
724130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
725130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
726130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
727130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
728130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
729130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
730130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
731130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
732130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
733130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
734130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
735130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
736130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
737130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
738130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
739130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
740130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
741130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
742130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
743130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
744130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
745130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
746130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
747130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
748130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
749130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
750130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
751130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
752130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
753130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
754130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
755130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
756130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
757130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
758130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
759130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
760130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
761130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
762130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
763130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
764130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
765130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
766130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
767130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
768130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
769130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
770130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
771130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
772130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
773130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
774130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
775130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
776130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
777130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
778130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
779130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
780130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
781130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
782130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
783130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x6fae3debd474d000 CN=ZackWorkWin10
784130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
785130c.1f0c: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=Washington, L=Renton, O=Parallels, Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=Parallels, Inc.
786130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xcd5e8f6875d9ad00 CN=DESKTOP-C0JAJ7K
787130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
788130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
789130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
790130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
791130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
792130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
793130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
794130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
795130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
796130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
797130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
798130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
799130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
800130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
801130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
802130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
803130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
804130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
805130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
806130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
807130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
808130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
809130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
810130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
811130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
812130c.1f0c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
813130c.1f0c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=35
814130c.1f0c: SUPR3HardenedMain: Load Runtime...
815130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
816130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
817130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
818130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
819130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
820130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
821130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
822130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
823130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
824130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
825130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
826130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
827130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
828130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
829130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
830130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
831130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
832130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
833130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
834130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
835130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
836130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
837130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
838130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
839130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
840130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
841130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
842130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
843130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
844130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
845130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
846130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
847130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
848130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
849130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
850130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
851130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
852130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
853130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
854130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
855130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
856130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
857130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
858130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
859130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
860130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000069750000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
861130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
862130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000696b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
863130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
864130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1ba0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
865130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
866130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad4130000 LB 0x00069000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
867130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
868130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaa5090000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
869130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
870130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
871130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
872130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
873130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
874130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
875130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
876130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
877130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
878130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
879130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
880130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
881130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
882130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
883130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
884130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
885130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
886130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
887130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
888130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
889130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
890130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
891130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
892130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
893130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
894130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
895130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
896130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
897130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
898130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
899130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
900130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
901130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
902130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
903130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
904130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
905130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
906130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
907130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
908130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
909130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
910130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
911130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
912130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
913130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
914130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
915130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
916130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
917130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
918130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
919130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
920130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
921130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
922130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5090000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
923130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0fa0000 'C:\Windows\system32\Wintrust.dll'
924130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
925130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
926130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
927130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
928130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
929130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
930130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
931130c.1f0c: SUPR3HardenedMain: Load TrustedMain...
932130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
933130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
934130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
935130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
936130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
937130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
938130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
939130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
940130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
941130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
942130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
943130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
944130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
945130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
946130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
947130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
948130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
949130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
950130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
951130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
952130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
953130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
954130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
955130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
956130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
957130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
958130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
959130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
960130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
961130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
962130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
963130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
964130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
965130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
966130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
967130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
968130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
969130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
970130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
971130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
972130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
973130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
974130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
975130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
976130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
977130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
978130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
979130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
980130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
981130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
982130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
983130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
984130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
985130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
986130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
987130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
988130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
989130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
990130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
991130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
992130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
993130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
994130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
995130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
996130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
997130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
998130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
999130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1000130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1001130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1002130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1003130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
1004130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1005130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1006130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1007130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1008130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1009130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1010130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1011130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_329_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
1012130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1013130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1014130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
1015130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
1016130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
1017130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
1018130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
1019130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
1020130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1021130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1022130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1023130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1024130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1025130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1026130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1027130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
1028130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
1029130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
1030130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
1031130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1032130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1033130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
1034130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1035130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1036130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1037130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
1038130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
1039130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1040130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1041130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1042130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1043130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1044130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1045130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1046130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
1047130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
1048130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
1049130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1050130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1051130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1052130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1053130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1054130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1055130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1056130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1057130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1058130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1059130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1060130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1061130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1062130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1063130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1064130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1065130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1066130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1067130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1068130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1069130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1070130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1071130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1072130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1073130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1074130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1075130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1076130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1077130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1078130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1079130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1080130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1081130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1082130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1083130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1084130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1085130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
1086130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1087130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1088130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1089130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1090130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1091130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1092130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1093130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1094130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1095130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1096130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
1097130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
1098130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
1099130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1100130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1101130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1102130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1103130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1104130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1105130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1106130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1107130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1108130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
1109130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
1110130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
1111130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
1112130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
1113130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1114130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1115130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1116130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1117130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1118130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1119130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
1120130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1121130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1122130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1123130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1124130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1125130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1126130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1127130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1128130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1129130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1130130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1131130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1132130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1133130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
1134130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1135130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1136130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1137130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1138130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1139130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1140130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1141130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1142130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
1143130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1144130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1145130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
1146130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1147130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1148130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
1149130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1150130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1151130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1152130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1153130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1154130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1155130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1156130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1157130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1158130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1159130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1160130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1161130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1162130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1163130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1164130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1165130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1166130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1167130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1168130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1169130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1170130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1171130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1172130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1173130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1174130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1175130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1176130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1177130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1178130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1179130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1180130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1181130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1182130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1183130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1184130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1185130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1186130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1187130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1188130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1189130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1190130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1191130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1192130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1193130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1194130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1195130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1196130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1197130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1198130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1199130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1200130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1201130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1202130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
1203130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1204130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1205130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1206130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1207130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1208130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1209130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
1210130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1211130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1212130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1213130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1214130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1215130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
1216130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1217130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
1218130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
1219130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
1220130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
1221130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1222130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1223130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1224130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1225130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1226130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1227130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1228130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
1229130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
1230130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1231130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1232130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1233130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1234130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1235130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1236130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1237130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1238130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1239130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1240130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1241130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1242130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1243130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1244130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1245130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1246130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1247130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1248130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1249130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1250130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1251130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1252130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1253130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1254130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1255130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1256130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1257130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1258130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1259130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1260130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
1261130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1262130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
1263130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
1264130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
1265130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1266130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1267130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1268130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1269130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1270130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1271130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1272130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
1273130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
1274130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
1275130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1276130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1277130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1278130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1279130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1280130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1281130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1282130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1283130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1284130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1285130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1286130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1287130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1288130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1289130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1290130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1291130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1292130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1293130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1294130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1295130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1296130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1297130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1298130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1299130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1300130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1301130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1302130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
1303130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1304130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1305130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
1306130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
1307130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
1308130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
1309130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1310130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1311130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1312130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1313130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1314130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1315130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1316130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1317130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1318130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1319130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1320130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1321130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1322130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1323130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1324130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1325130c.1f0c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
1326130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1327130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1328130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1329130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
1330130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1331130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1332130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1333130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1334130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1335130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1336130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1337130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1338130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1339130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1340130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1341130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1342130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1343130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1344130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1345130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1346130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1347130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1348130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1349130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1350130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1351130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1352130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1353130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1354130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1355130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1356130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1357130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
1358130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1359130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1360130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1361130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
1362130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1363130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1364130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1365130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1366130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1367130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1368130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1369130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1370130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1371130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1372130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
1373130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1374130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1375130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1376130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1377130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1378130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1379130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1380130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1381130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1382130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
1383130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1384130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1385130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1386130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1387130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1388130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1389130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1390130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1391130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
1392130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
1393130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
1394130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
1395130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1396130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1397130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1398130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1399130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1400130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1401130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1402130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1403130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1404130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1405130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1406130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1407130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1408130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1409130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1410130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
1411130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
1412130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1413130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1414130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1415130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1416130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1417130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1418130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1419130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3480000 LB 0x0014e000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1420130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3640000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1421130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8bc0000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1422130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1423130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7ca0000 LB 0x000f6000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
1424130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1425130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7da0000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1426130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1427130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8160000 LB 0x00128000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1428130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1429130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad41a0000 LB 0x0027c000 C:\Windows\system32\combase.dll [fFlags=0x0]
1430130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1431130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3df0000 LB 0x00141000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1432130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1433130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000693d0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1434130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1435130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1ae0000 LB 0x000b3000 C:\Windows\system32\shcore.dll [fFlags=0x0]
1436130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1437130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
1438130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
1439130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
1440130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3d90000 LB 0x00051000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
1441130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1442130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac4560000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
1443130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
1444130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f70000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
1445130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
1446130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1447130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
1448130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
1449130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0f00000 LB 0x0004a000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
1450130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1451130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
1452130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
1453130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
1454130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad11d0000 LB 0x00628000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
1455130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1456130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
1457130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1458130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
1459130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
1460130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
1461130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1cc0000 LB 0x01522000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1462130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1463130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3a70000 LB 0x000d7000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1464130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1465130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3f40000 LB 0x000be000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1466130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1467130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3b50000 LB 0x0015c000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1468130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1469130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3d50000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
1470130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1471130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1800000 LB 0x00044000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
1472130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1473130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad0ba0000 LB 0x00027000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1474130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1475130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacec30000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1476130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1477130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacec90000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1478130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1479130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacae00000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1480130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1481130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000068950000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1482130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1483130c.1f0c: supR3HardenedDllNotificationCallback: load 00000000692c0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1484130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1485130c.1f0c: supR3HardenedDllNotificationCallback: load 0000000068870000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1486130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1487130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaa45d0000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1488130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1489130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
1490130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
1491130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
1492130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
1493130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
1494130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
1495130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1496130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1497130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
1498130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
1499130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
1500130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
1501130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
1502130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
1503130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1504130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
1505130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
1506130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
1507130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1508130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
1509130c.1f0c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
1510130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
1511130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1512130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
1513130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1514130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1515130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
1516130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
1517130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1518130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1519130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
1520130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
1521130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1522130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
1523130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1524130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1525130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
1526130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1527130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1528130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
1529130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1530130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1531130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1532130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1533130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
1534130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1535130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1536130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1537130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1538130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1539130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1540130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1541130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1542130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1543130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1544130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1545130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1546130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1547130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1548130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1549130c.1f0c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1550130c.1f0c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
1551130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1552130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1553130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1554130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1555130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1556130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1557130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1558130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1559130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1560130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1561130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3d50000 'C:\Windows\system32\imm32.dll'
1562130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa45d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1563130c.1f0c: SUPR3HardenedMain: Calling TrustedMain (00007ffaa45d10d0)...
1564130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1565130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1566130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
1567130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1568130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
1569130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
1570130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
1571130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1572130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1573130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
1574130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1575130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1576130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
1577130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
1578130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
1579130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1580130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1581130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1582130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1583130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1584130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1585130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1586130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1587130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1588130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaceee0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1589130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1590130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
1591130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1592130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
1593130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
1594130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
1595130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1596130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface0a0000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1597130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1598130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1599130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
1600130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
1601130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
1602130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1603130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1604130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1605130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1606130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1607130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1608130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1609130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1610130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1611130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_138_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
1612130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1613130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
1614130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1615130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1616130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1617130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1618130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1619130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
1620130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1621130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1622130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
1623130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1624130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1625130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
1626130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1627130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1628130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1629130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
1630130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1631130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1632130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32\uxtheme.dll'
1633130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
1634130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1635130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1636130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad37d0000 'C:\Windows\system32\advapi32.dll'
1637130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1638130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1639130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1640130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1641130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
1642130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
1643130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
1644130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1645130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1646130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
1647130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1648130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1649130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1650130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1651130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1652130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1653130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad01a0000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1654130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1655130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad01a0000 'C:\Windows\system32\userenv.dll'
1656130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1657130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1658130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32\kernel32.dll'
1659130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad1c10000 LB 0x000a5000 C:\Windows\system32\clbcatq.dll [fFlags=0x0]
1660130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1661130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1662130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
1663130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1664130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1665130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1666130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1667130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1668130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1669130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1670130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
1671130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1672130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1673130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1674130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1675130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
1676130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
1677130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1678130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
1679130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1680130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1681130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1682130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1683130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1684130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1685130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1686130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1687130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1688130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1689130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1690130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1691130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1692130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1693130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
1694130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
1695130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1696130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1697130c.2260: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1698130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
1699130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
1700130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1701130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1702130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1703130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1704130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1705130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
1706130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
1707130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1708130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1709130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1710130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1711130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) WinVerifyTrust
1712130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll
1713130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1714130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1715130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1716130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1717130c.2260: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1718130c.2260: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1719130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1720130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1721130c.2260: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
1722130c.2260: supR3HardenedDllNotificationCallback: load 00007ffad3a60000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
1723130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll
1724130c.2260: supR3HardenedDllNotificationCallback: load 00007ffacf500000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
1725130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
1726130c.2260: supR3HardenedDllNotificationCallback: load 00007ffaa3ff0000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1727130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1728130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1729130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1730130c.2260: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1731130c.2260: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\System32\oleaut32.dll'
1732130c.2260: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
1733130c.2260: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
1734130c.2260: supR3HardenedDllNotificationCallback: load 00007ffad0d30000 LB 0x00098000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
1735130c.2260: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
1736130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1737130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1738130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
1739130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1740130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1741130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll'
1742130c.1f0c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1743130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1744130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1745130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3640000 'C:\Windows\system32\gdi32.dll'
1746130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3480000 'C:\Windows\system32\user32.dll'
1747130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1748130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1749130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1750130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
1751130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
1752130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
1753130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
1754130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1755130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1756130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
1757130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1758130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1759130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
1760130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
1761130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
1762130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
1763130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
1764130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
1765130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
1766130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
1767130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
1768130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1769130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1770130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1771130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
1772130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
1773130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
1774130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
1775130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1776130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1777130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1778130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1779130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1780130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1781130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
1782130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
1783130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
1784130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
1785130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume4\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
1786130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb0 pwszName=\Device\HarddiskVolume4\Windows\System32\d2d1.dll
1787130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
1788130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
1789130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
1790130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1791130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1792130c.1f0c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
1793130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1794130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1795130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
1796130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
1797130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1798130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1799130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1800130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1801130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1802130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1803130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1804130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1805130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\d2d1.dll'
1806130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1807130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1808130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d2d1.dll) WinVerifyTrust
1809130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d2d1.dll
1810130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1811130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1812130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1813130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1814130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1815130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1816130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1817130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
1818130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1819130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1820130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1821130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1822130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1823130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
1824130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1825130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1826130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1827130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
1828130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
1829130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
1830130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
1831130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1832130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac5e50000 LB 0x00545000 C:\Windows\system32\d2d1.dll [fFlags=0x0]
1833130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
1834130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacdd50000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
1835130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1836130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacddf0000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
1837130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
1838130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface760000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
1839130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
1840130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffabc800000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
1841130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
1842130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabc800000 'C:\Windows\system32\dataexchange.dll'
1843130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1844130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1845130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
1846130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1847130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
1848130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
1849130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1850130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
1851130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
1852130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
1853130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacefa0000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
1854130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
1855130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1856130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1857130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
1858130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1859130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1860130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1861130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1862130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1863130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1864130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
1865130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
1866130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1867130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1868130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1869130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1870130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1871130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
1872130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
1873130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
1874130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1875130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1876130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1877130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
1878130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1879130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\MSCTF.dll'
1880130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1881130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1882130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1883130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1884130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1885130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1886130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1887130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1888130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1889130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1890130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1891130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1892130c.1f0c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
1893130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
1894130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1895130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1896130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
1897130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1898130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac4560000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
1899130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1900130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1901130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\SYSTEM32\WINMM.dll'
1902130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1903130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1904130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1905130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1906130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1907130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1908130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1909130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1910130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1911130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1912130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1913130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1914130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1915130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1916130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1917130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1918130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaceee0000 'C:\Windows\system32/uxtheme.dll'
1919130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1920130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1921130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1922130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1923130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1924130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1925130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1926130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1927130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1928130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1929130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
1930130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1931130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1932130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1933130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1934130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1935130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
1936130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
1937130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1938130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1939130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1940130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1941130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1942130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1943130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1944130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1945130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
1946130c.1f0c: supR3HardenedDllNotificationCallback: load 00007fface160000 LB 0x00183000 C:\Windows\system32\propsys.dll [fFlags=0x0]
1947130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
1948130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fface160000 'C:\Windows\system32\propsys.dll'
1949130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
1950130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1951130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1952130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
1953130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1954130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\Windows.Storage.dll'
1955130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
1956130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1957130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad11d0000 'C:\Windows\system32\windows.storage.dll'
1958130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1959130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1960130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1961130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1962130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1963130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll) WinVerifyTrust
1964130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
1965130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1966130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1967130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1968130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1969130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1970130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1971130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1972130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
1973130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac02e0000 LB 0x00274000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll [fFlags=0x0]
1974130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
1975130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
1976130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
1977130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1978130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
1979130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1980130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1981130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1982130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll)
1983130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll
1984130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacac00000 LB 0x001b2000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
1985130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
1986130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1987130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1988130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1989130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1990130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1991130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1992130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1993130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
1994130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
1995130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll'
1996130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
1997130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
1998130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
1999130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
2000130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaced60000 LB 0x00078000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
2001130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
2002130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e1c pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
2003130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2004130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2005130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54A8D49732D327F780234E47407FD91AB77B632A
2006130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2007130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2008130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
2009130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2010130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
2011130c.1f0c: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 0b f4 b7 b3 5e f7 a4 6b ab 0b 7c 99 e9 03 00 00)
2012130c.1f0c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll)
2013130c.1f0c: Error (rc=0):
2014130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'.
2015130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
2016130c.1f0c: Error (rc=0):
2017130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
2018130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
2019130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
2020130c.1f0c: Error (rc=0):
2021130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
2022130c.1f0c: Error (rc=0):
2023130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
2024130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
2025130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
2026130c.1f0c: Error (rc=0):
2027130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
2028130c.1f0c: Error (rc=0):
2029130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
2030130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
2031130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
2032130c.1f0c: Error (rc=0):
2033130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
2034130c.1f0c: Error (rc=0):
2035130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
2036130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
2037130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
2038130c.1f0c: Error (rc=0):
2039130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume4\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
2040130c.1f0c: Error (rc=0):
2041130c.1f0c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll' (C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll): rcNt=0xc0000190
2042130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Zachary Burns\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll'
2043130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d20 pwszName=\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
2044130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2045130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2046130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71E11A131CDF3E69651FC99A41A71D0B0DE9672D
2047130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2048130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2049130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll'
2050130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2051130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2052130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2053130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2054130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2055130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2056130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2057130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2058130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
2059130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
2060130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
2061130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\EhStorShell.dll) WinVerifyTrust
2062130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
2063130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2064130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2065130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2066130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2067130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
2068130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2069130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2070130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
2071130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2072130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
2073130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
2074130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
2075130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2076130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2077130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2078130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2079130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2080130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2081130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2082130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2083130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2084130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
2085130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2086130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2087130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2088130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2089130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2090130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2091130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2092130c.1f0c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
2093130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2094130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2095130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
2096130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2097130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2098130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2099130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2100130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2101130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2102130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2103130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2104130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2105130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2106130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2107130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2108130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2109130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2110130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2111130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
2112130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffad3890000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2113130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2114130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8be0000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
2115130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
2116130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll'
2117130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\EhStorShell.dll
2118130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2119130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8be0000 'C:\Windows\System32\EhStorShell.dll'
2120130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e04 pwszName=\Device\HarddiskVolume4\Windows\System32\cscui.dll
2121130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2122130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2123130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E64571B9529C5C26824687EDDD20704860318470
2124130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2125130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2126130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscui.dll'
2127130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2128130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2129130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'propsys.dll'.
2130130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2131130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2132130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2133130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cscdll.dll'.
2134130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
2135130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscui.dll) WinVerifyTrust
2136130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscui.dll
2137130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2138130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2139130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cscdll.dll'...
2140130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cscdll.dll' -> '\Device\HarddiskVolume4\Windows\System32\cscdll.dll' [rcNtRedir=0xc0150008]
2141130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e08 pwszName=\Device\HarddiskVolume4\Windows\System32\cscdll.dll
2142130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2143130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2144130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF8F6BC6D7190460FA0E3467AE0519E1B041C365
2145130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2146130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2147130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\cscdll.dll'
2148130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2149130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2150130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cscdll.dll) WinVerifyTrust
2151130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cscdll.dll
2152130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2153130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2154130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2155130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2156130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
2157130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2158130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2159130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2160130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2161130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
2162130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2163130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2164130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2165130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2166130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2167130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
2168130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll
2169130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8bd0000 LB 0x0000d000 C:\Windows\System32\CSCDLL.dll [fFlags=0x0]
2170130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscdll.dll
2171130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8030000 LB 0x000c4000 C:\Windows\System32\cscui.dll [fFlags=0x0]
2172130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
2173130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
2174130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2175130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
2176130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll'
2177130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cscui.dll
2178130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2179130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8030000 'C:\Windows\System32\cscui.dll'
2180130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2181130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shell32.dll'.
2182130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2183130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2184130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2185130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2186130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
2187130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mpr.dll'.
2188130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
2189130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll) WinVerifyTrust
2190130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
2191130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2192130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2193130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
2194130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
2195130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2196130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2197130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll) WinVerifyTrust
2198130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
2199130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2200130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2201130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
2202130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2203130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2204130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2205130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2206130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2207130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2208130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2209130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2210130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2211130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2212130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2213130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2214130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
2215130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
2216130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffacfe20000 LB 0x0001c000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
2217130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
2218130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab7fd0000 LB 0x00052000 C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [fFlags=0x0]
2219130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
2220130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab7fd0000 'C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll'
2221130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume4\Windows\System32\mssprxy.dll
2222130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2223130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2224130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=246789B7D75DFAD08D941EC92596C38786199961
2225130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2226130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2227130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB3081444~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\mssprxy.dll'
2228130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2229130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2230130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2231130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2232130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mssprxy.dll) WinVerifyTrust
2233130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
2234130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2235130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2236130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2237130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2238130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2239130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2240130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2241130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mssprxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2242130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
2243130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab83d0000 LB 0x00023000 C:\Windows\system32\mssprxy.dll [fFlags=0x0]
2244130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mssprxy.dll
2245130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab83d0000 'C:\Windows\system32\mssprxy.dll'
2246130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\System32\shell32.dll'
2247130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d2c pwszName=\Device\HarddiskVolume4\Windows\System32\thumbcache.dll
2248130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2249130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2250130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1DBC107C40D287802EBE6D2F04AED2B6BC21C52
2251130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2252130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2253130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\thumbcache.dll'
2254130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2255130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2256130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shcore.dll'.
2257130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
2258130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\thumbcache.dll) WinVerifyTrust
2259130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
2260130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2261130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2262130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2263130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2264130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
2265130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2266130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2267130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2268130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
2269130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffab8f80000 LB 0x0004b000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
2270130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
2271130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll
2272130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2273130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac02e0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\comctl32.dll'
2274130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab8f80000 'C:\Windows\System32\thumbcache.dll'
2275130c.1f0c: '\Device\HarddiskVolume4\Windows\System32\imageres.dll' has no imports
2276130c.1f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\imageres.dll)
2277130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imageres.dll
2278130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\imageres.dll [avoiding WinVerifyTrust]
2279130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume4\Windows\System32\imageres.dll
2280130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2281130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2282130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4623A580B03375E478409EF57299A63413828324
2283130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2284130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2285130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\imageres.dll'
2286130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2287130c.1f0c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imageres.dll'
2288130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
2289130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
2290130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2291130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2292130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3df0000 'C:\Windows\system32\ole32.dll'
2293130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.dll'
2294130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2295130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2296130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2297130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
2298130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2299130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2300130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
2301130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2302130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2303130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2304130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2305130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2306130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2307130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2308130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2309130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c58 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2310130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2311130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2312130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
2313130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2314130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2315130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
2316130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2317130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2318130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2319130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2320130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
2321130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2322130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2323130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2324130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2325130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2326130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2327130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2328130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2329130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2330130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2331130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2332130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
2333130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2334130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2335130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2336130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2337130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2338130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaca3c0000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2339130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2340130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffaca450000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2341130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2342130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2343130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2344130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca450000 'C:\Windows\system32\wbem\wbemprox.dll'
2345130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f04 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2346130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2347130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2348130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
2349130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2350130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2351130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
2352130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2353130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2354130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2355130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2356130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2357130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2358130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2359130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2360130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2361130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2362130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2363130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac9980000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2364130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2365130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9980000 'C:\Windows\system32\wbem\wbemsvc.dll'
2366130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2367130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-l1-2-0.dll'
2368130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2369130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1900000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2370130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2371130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2372130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2373130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
2374130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2375130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2376130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
2377130c.1f0c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2378130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2379130c.1f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2380130c.1f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2381130c.1f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2382130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2383130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2384130c.1f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2385130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2386130c.1f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2387130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2388130c.1f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2389130c.1f0c: supR3HardenedDllNotificationCallback: load 00007ffac9e20000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2390130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2391130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9e20000 'C:\Windows\system32\wbem\fastprox.dll'
2392130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2393130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2394130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2395130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2396130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2397130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2398130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2399130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2400130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2401130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2402130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2403130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2404130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2405130c.2150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2406130c.2150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2407130c.2150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2408130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2409130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2410130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2411130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2412130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2413130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2414130c.2150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2415130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2416130c.2150: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2417130c.2150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2418130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2419130c.2150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2420130c.2150: supR3HardenedDllNotificationCallback: load 0000000068760000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2421130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2422130c.2150: supR3HardenedDllNotificationCallback: load 00007ffaa5e70000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2423130c.2150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2424130c.2150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa5e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2425130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2426130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2427130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys)
2428130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys
2429130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2430130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2431130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys)
2432130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys
2433130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2434130c.1794: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2435130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2436130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2437130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys)
2438130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys
2439130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2440130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2441130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2442130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2443130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys)
2444130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys
2445130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2446130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2447130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2448130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'.
2449130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2450130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2451130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2452130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys)
2453130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys
2454130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2455130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2456130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'.
2457130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2458130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2459130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2460130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
2461130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys)
2462130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys
2463130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2464130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2465130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'.
2466130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
2467130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
2468130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
2469130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
2470130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
2471130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
2472130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe)
2473130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe
2474130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2475130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2476130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2477130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2478130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2479130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2480130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2481130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2482130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2483130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2484130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2485130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2486130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2487130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
2488130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2489130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume4\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2490130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ci.dll'.
2491130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2492130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2493130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ci.dll)
2494130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ci.dll
2495130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2496130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2497130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'.
2498130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2499130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2500130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kdcom.dll)
2501130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kdcom.dll
2502130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
2503130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume4\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
2504130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'.
2505130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2506130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL)
2507130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL
2508130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2509130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2510130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'.
2511130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2512130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2513130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\PSHED.DLL)
2514130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\PSHED.DLL
2515130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2516130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2517130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\hal.dll'.
2518130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2519130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2520130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2521130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hal.dll)
2522130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hal.dll
2523130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
2524130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
2525130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys'.
2526130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2527130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys)
2528130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys
2529130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2530130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2531130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
2532130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2533130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2534130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2535130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2536130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2537130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2538130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2539130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2540130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'.
2541130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2542130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys)
2543130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys
2544130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2545130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2546130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2547130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2548130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2549130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2550130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2551130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2552130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2553130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2554130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2555130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2556130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2557130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2558130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
2559130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2560130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2561130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
2562130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2563130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2564130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2565130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2566130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2567130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2568130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2569130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2570130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2571130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2572130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2573130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2574130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2575130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2576130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2577130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2578130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2579130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2580130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2581130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2582130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2583130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2584130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2585130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2586130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2587130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys'
2588130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2589130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys'
2590130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2591130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys'
2592130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2593130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys'
2594130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2595130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2596130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'
2597130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2598130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2599130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\WppRecorder.sys'
2600130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2601130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2602130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\hal.dll'
2603130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2604130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2605130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'
2606130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2607130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2608130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'
2609130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2610130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2611130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'
2612130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2613130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2614130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ci.dll'
2615130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2616130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2617130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'
2618130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2619130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2620130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'
2621130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2622130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2623130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'
2624130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cbc pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
2625130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2626130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2627130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=695CB5D234E33829E3320DD8DE835DE7D1459933
2628130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2629130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2630130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_379_for_KB3097617~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
2631130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2632130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2633130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
2634130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ws2_32.dll'.
2635130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'netsetupapi.dll'.
2636130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'setupapi.dll'.
2637130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
2638130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
2639130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2640130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2641130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2642130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
2643130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
2644130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2645130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2646130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2647130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2648130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
2649130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
2650130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2651130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2652130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2653130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2654130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2655130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2656130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2657130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2658130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2659130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2660130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2661130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2662130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
2663130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
2664130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac8750000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
2665130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
2666130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac8770000 LB 0x00063000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
2667130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
2668130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8770000 'C:\Windows\System32\NetSetupShim.dll'
2669130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2670130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2671130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2672130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2673130c.1e90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2674130c.1e90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2675130c.1e90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2676130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2677130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2678130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2679130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2680130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2681130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2682130c.1e90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2683130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2684130c.1e90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2685130c.1e90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2686130c.1e90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2687130c.1e90: supR3HardenedDllNotificationCallback: load 00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2688130c.1e90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2689130c.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad09d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2690130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2691130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2692130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2693130c.13e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2694130c.13e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2695130c.13e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2696130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2697130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2698130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2699130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2700130c.13e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2701130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2702130c.13e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2703130c.13e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2704130c.13e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2705130c.13e0: supR3HardenedDllNotificationCallback: load 00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2706130c.13e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2707130c.13e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac91e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2708130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2709130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2710130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2711130c.acc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2712130c.acc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2713130c.acc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2714130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2715130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2716130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2717130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2718130c.acc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2719130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2720130c.acc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2721130c.acc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2722130c.acc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2723130c.acc: supR3HardenedDllNotificationCallback: load 00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2724130c.acc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2725130c.acc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2726130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2727130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2728130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2729130c.1450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2730130c.1450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2731130c.1450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2732130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2733130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2734130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2735130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2736130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2737130c.1450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2738130c.1450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2739130c.1450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2740130c.1450: supR3HardenedDllNotificationCallback: load 00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2741130c.1450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2742130c.1450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0960000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2743130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32/Shell32.dll'
2744130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2745130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2746130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2747130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2748130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2749130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2750130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2751130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2752130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2753130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2754130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2755130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2756130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2757130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2758130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2759130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2760130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2761130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2762130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2763130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2764130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
2765130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2766130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2767130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2768130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2769130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2770130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2771130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2772130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2773130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2774130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2775130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2776130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2777130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2778130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2779130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2780130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2781130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2782130c.1794: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
2783130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2784130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2785130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
2786130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
2787130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2788130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2789130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2790130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2791130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2792130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2793130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2794130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2795130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2796130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2797130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2798130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2799130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2800130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2801130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2802130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2803130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2804130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2805130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2806130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2807130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2808130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2809130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2810130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2811130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2812130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2813130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2814130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2815130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2816130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2817130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2818130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2819130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2820130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2821130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2822130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2823130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2824130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2825130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2826130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2827130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2828130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2829130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2830130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001114 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
2831130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2832130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2833130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=793D99A2656EF7BC8AE3D3DA54E1A198969B9F96
2834130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2835130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2836130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
2837130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2838130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2839130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
2840130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
2841130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
2842130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
2843130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
2844130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll) WinVerifyTrust
2845130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
2846130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2847130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2848130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2849130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2850130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2851130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2852130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2853130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2854130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2855130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
2856130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2857130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2858130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2859130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2860130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2861130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2862130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2863130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2864130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
2865130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2866130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2867130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2868130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2869130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2870130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2871130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2872130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
2873130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2874130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2875130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2876130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2877130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2878130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2879130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2880130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2881130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2882130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2883130c.1794: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
2884130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
2885130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
2886130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2887130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
2888130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2889130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2890130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2891130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2892130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2893130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2894130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2895130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2896130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2897130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2898130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2899130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3700000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2900130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
2901130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2902130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2903130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4E1A7D70D0B4F04066620172BA9B8A3CADF2EF6
2904130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2905130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2906130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2907130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2908130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2909130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2910130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2911130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2912130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2913130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
2914130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2915130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2916130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2917130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa3ff0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2918130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2919130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2920130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2921130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7a50000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2922130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2923130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2924130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2925130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2926130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2927130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2928130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2929130c.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2930130c.544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2931130c.544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2932130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2933130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2934130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2935130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2936130c.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2937130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2938130c.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2939130c.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2940130c.544: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2941130c.544: supR3HardenedDllNotificationCallback: load 00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2942130c.544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2943130c.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0950000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2944130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000120c pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
2945130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
2946130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
2947130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
2948130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2949130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2950130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
2951130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2952130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2953130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
2954130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
2955130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
2956130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
2957130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
2958130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2959130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2960130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2961130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2962130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2963130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2964130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2965130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2966130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2967130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2968130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2969130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaa7320000 LB 0x0009c000 C:\Windows\system32\dsound.dll [fFlags=0x0]
2970130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2971130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2972130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2973130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32\dsound.dll'
2974130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\system32/dsound.dll'
2975130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2976130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2977130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2978130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2979130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
2980130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
2981130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2982130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2983130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2984130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2985130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
2986130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2987130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2988130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
2989130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
2990130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2991130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
2992130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
2993130c.1794: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
2994130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2995130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2996130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2997130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2998130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2999130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3000130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaca580000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
3001130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3002130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\System32\MMDevApi.dll'
3003130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3004130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3005130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca580000 'C:\Windows\system32\MMDEVAPI.DLL'
3006130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3007130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3008130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3009130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001278 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3010130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
3011130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
3012130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83143779FC4D27950BF3BCBCD430201AA21D5678
3013130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3014130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3015130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
3016130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3017130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3018130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
3019130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
3020130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'winmm.dll'.
3021130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'avrt.dll'.
3022130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'mmdevapi.dll'.
3023130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
3024130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3025130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3026130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3027130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3028130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3029130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3030130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3031130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3032130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
3033130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
3034130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3035130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3036130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3037130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3038130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3039130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3040130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3041130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3042130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3043130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3044130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
3045130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3046130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3047130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3048130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3049130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3050130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3051130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3052130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3053130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
3054130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9aa0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
3055130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3056130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac9a90000 LB 0x0000b000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
3057130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
3058130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf6e0000 LB 0x00041000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
3059130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3060130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3061130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3062130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3063130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3064130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3065130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3066130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3067130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3068130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3069130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3070130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3071130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3072130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3073130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3074130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3075130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3076130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3077130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
3078130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'mmdevapi.dll'.
3079130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
3080130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3081130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3082130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3083130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3084130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3085130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3086130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3087130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3088130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3089130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3090130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3091130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3092130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3093130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'.
3094130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3095130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
3096130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
3097130c.1794: supR3HardenedDllNotificationCallback: load 00007ffaca600000 LB 0x00131000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
3098130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
3099130c.1794: supR3HardenedDllNotificationCallback: load 00007ffac2570000 LB 0x00085000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
3100130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3101130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac2570000 'C:\Windows\system32\AUDIOSES.DLL'
3102130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3103130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3104130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3105130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3106130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
3107130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3108130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3109130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3110130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3111130c.1794: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
3112130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3113130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3114130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3115130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3116130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3117130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3118130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3119130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3120130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3121130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3122130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3123130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3124130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf6e0000 'C:\Windows\system32\wdmaud.drv'
3125130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe8 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
3126130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
3127130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
3128130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EAA362874D7E19DE11B8B4782838AD2981FC207
3129130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3130130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3131130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
3132130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3133130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3134130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3135130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
3136130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
3137130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
3138130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
3139130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3140130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3141130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3142130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3143130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3144130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3145130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3146130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3147130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3148130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3149130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
3150130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3151130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3152130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3153130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3154130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3155130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3156130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3157130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3158130c.1794: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
3159130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3160130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3161130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3162130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf6c0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
3163130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3164130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf980000 LB 0x0000c000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3165130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3166130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3167130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3168130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3169130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3170130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3171130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3172130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3173130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3174130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3175130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3176130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3177130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3178130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3179130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3180130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3181130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3182130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3183130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3184130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3185130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3186130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3187130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf980000 'C:\Windows\system32\msacm32.drv'
3188130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012cc pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
3189130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ec0cc0
3190130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ec0cc0
3191130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96AFFE7289EA0FE318F97A9F3C88DF66DCB2B4F6
3192130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad00b0000 'C:\Windows\system32\rsaenh.dll'
3193130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1000000 'C:\Windows\system32\crypt32.dll'
3194130c.1794: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
3195130c.1794: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3196130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3197130c.1794: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
3198130c.1794: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
3199130c.1794: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
3200130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3201130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3202130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3203130c.1794: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3204130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3205130c.1794: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3206130c.1794: supR3HardenedDllNotificationCallback: load 00007ffacf970000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3207130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3208130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
3209130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3210130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3211130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
3212130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3213130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3214130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
3215130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3216130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3217130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacf970000 'C:\Windows\system32\midimap.dll'
3218130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3219130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3220130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3221130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3222130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3223130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3224130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3225130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3226130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3227130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3228130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaa7320000 'C:\Windows\System32\dsound.dll'
3229130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3230130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3231130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffacec90000 'C:\Windows\system32\winmm.dll'
3232130c.1794: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3233130c.1794: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3234130c.1794: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4420000 'C:\Windows\system32/kernel32.dll'
3235130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3f40000 'C:\Windows\system32\OLEAUT32.DLL'
3236130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
3237130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3238130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll'
3239130c.1f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
3240130c.1f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3241130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad3b50000 'C:\Windows\system32\msctf.dll'
3242130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3243130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3244130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3245130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3246130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3247130c.1f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad1cc0000 'C:\Windows\system32\shell32.dll'
3248130c.544: supR3HardenedDllNotificationCallback: Unload 00007ffac0950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3249130c.1450: supR3HardenedDllNotificationCallback: Unload 00007ffac0960000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3250130c.acc: supR3HardenedDllNotificationCallback: Unload 00007ffac8c30000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3251130c.13e0: supR3HardenedDllNotificationCallback: Unload 00007ffac91e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3252130c.1e90: supR3HardenedDllNotificationCallback: Unload 00007ffad09d0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3253130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa3700000 LB 0x008e2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3254130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9cb0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3255130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa9d90000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
3256130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffac9830000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
3257130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffaa7a50000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3258130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc720000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
3259130c.1794: supR3HardenedDllNotificationCallback: Unload 00007ffacc710000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [flags=0x0]
3260130c.1f0c: Terminating the normal way: rcExit=0
326117d4.18f8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55329 ms, the end);
32621e00.2090: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 55722 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy