VirtualBox

Ticket #14900: VBoxHardening.log

File VBoxHardening.log, 376.6 KB (added by MikhailRokhin, 9 years ago)
3320.23b4: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000001c g_uNtVerCombined=0x63258000
3320.23b4: \SystemRoot\System32\ntdll.dll:
3320.23b4: CreationTime: 2015-09-18T17:09:41.651219800Z
3320.23b4: LastWriteTime: 2015-08-07T21:40:29.476583000Z
3320.23b4: ChangeTime: 2015-11-11T10:19:46.280698800Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x1a7f48
3320.23b4: NT Headers: 0xd8
3320.23b4: Timestamp: 0x55c4c16b
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x55c4c16b
3320.23b4: Image Version: 6.3
3320.23b4: SizeOfImage: 0x1ac000 (1753088)
3320.23b4: Resource Dir: 0x148000 LB 0x62450
3320.23b4: ProductName: Microsoft® Windows® Operating System
3320.23b4: ProductVersion: 6.3.9600.18007
3320.23b4: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
3320.23b4: FileDescription: NT Layer DLL
3320.23b4: \SystemRoot\System32\kernel32.dll:
3320.23b4: CreationTime: 2014-11-18T22:32:16.085463000Z
3320.23b4: LastWriteTime: 2014-10-29T04:09:24.572407200Z
3320.23b4: ChangeTime: 2015-10-17T17:49:48.696769200Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x13fc30
3320.23b4: NT Headers: 0xf8
3320.23b4: Timestamp: 0x545054ca
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x545054ca
3320.23b4: Image Version: 6.3
3320.23b4: SizeOfImage: 0x13e000 (1302528)
3320.23b4: Resource Dir: 0x12e000 LB 0x518
3320.23b4: ProductName: Microsoft® Windows® Operating System
3320.23b4: ProductVersion: 6.3.9600.17415
3320.23b4: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
3320.23b4: FileDescription: Windows NT BASE API Client DLL
3320.23b4: \SystemRoot\System32\KernelBase.dll:
3320.23b4: CreationTime: 2015-09-18T17:09:41.596475400Z
3320.23b4: LastWriteTime: 2015-08-07T21:40:29.476583000Z
3320.23b4: ChangeTime: 2015-10-17T17:49:50.649993000Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x1150a0
3320.23b4: NT Headers: 0xf0
3320.23b4: Timestamp: 0x55c4c341
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x55c4c341
3320.23b4: Image Version: 6.3
3320.23b4: SizeOfImage: 0x115000 (1134592)
3320.23b4: Resource Dir: 0x110000 LB 0x3530
3320.23b4: ProductName: Microsoft® Windows® Operating System
3320.23b4: ProductVersion: 6.3.9600.18007
3320.23b4: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
3320.23b4: FileDescription: Windows NT BASE API Client DLL
3320.23b4: \SystemRoot\System32\apisetschema.dll:
3320.23b4: CreationTime: 2013-08-22T12:13:09.745625900Z
3320.23b4: LastWriteTime: 2013-08-22T12:35:12.091034400Z
3320.23b4: ChangeTime: 2014-11-07T06:18:16.831642700Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x11360
3320.23b4: NT Headers: 0xd0
3320.23b4: Timestamp: 0x52160049
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x52160049
3320.23b4: Image Version: 6.3
3320.23b4: SizeOfImage: 0x13000 (77824)
3320.23b4: Resource Dir: 0x11000 LB 0x3f8
3320.23b4: ProductName: Microsoft® Windows® Operating System
3320.23b4: ProductVersion: 6.3.9600.16384
3320.23b4: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
3320.23b4: FileDescription: ApiSet Schema DLL
3320.23b4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3320.23b4: supR3HardenedWinFindAdversaries: 0x3
3320.23b4: \SystemRoot\System32\drivers\SysPlant.sys:
3320.23b4: CreationTime: 2014-11-08T08:44:57.530166600Z
3320.23b4: LastWriteTime: 2014-11-08T08:44:57.546176800Z
3320.23b4: ChangeTime: 2014-11-08T08:44:57.546176800Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x26f40
3320.23b4: NT Headers: 0x100
3320.23b4: Timestamp: 0x5413cb4e
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x5413cb4e
3320.23b4: Image Version: 5.0
3320.23b4: SizeOfImage: 0x2d000 (184320)
3320.23b4: Resource Dir: 0x2b000 LB 0x498
3320.23b4: ProductName: Symantec CMC Firewall
3320.23b4: ProductVersion: 12.1.5337.5000
3320.23b4: FileVersion: 12.1.5337.5000
3320.23b4: FileDescription: Symantec CMC Firewall SysPlant
3320.23b4: \SystemRoot\System32\sysfer.dll:
3320.23b4: CreationTime: 2014-11-08T08:44:57.353047900Z
3320.23b4: LastWriteTime: 2014-11-08T08:44:57.404082300Z
3320.23b4: ChangeTime: 2014-11-08T08:44:57.404082300Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x70f60
3320.23b4: NT Headers: 0xe8
3320.23b4: Timestamp: 0x5413cb55
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x5413cb55
3320.23b4: Image Version: 0.0
3320.23b4: SizeOfImage: 0x88000 (557056)
3320.23b4: Resource Dir: 0x86000 LB 0x630
3320.23b4: ProductName: Symantec CMC Firewall
3320.23b4: ProductVersion: 12.1.5337.5000
3320.23b4: FileVersion: 12.1.5337.5000
3320.23b4: FileDescription: Symantec CMC Firewall sysfer
3320.23b4: \SystemRoot\System32\drivers\symevent64x86.sys:
3320.23b4: CreationTime: 2014-11-08T08:46:23.891600000Z
3320.23b4: LastWriteTime: 2014-11-08T08:46:23.873588100Z
3320.23b4: ChangeTime: 2014-11-08T08:46:23.873588100Z
3320.23b4: FileAttributes: 0x20
3320.23b4: Size: 0x2b658
3320.23b4: NT Headers: 0xe8
3320.23b4: Timestamp: 0x51f32ff2
3320.23b4: Machine: 0x8664 - amd64
3320.23b4: Timestamp: 0x51f32ff2
3320.23b4: Image Version: 6.0
3320.23b4: SizeOfImage: 0x38000 (229376)
3320.23b4: Resource Dir: 0x36000 LB 0x3c8
3320.23b4: ProductName: SYMEVENT
3320.23b4: ProductVersion: 12.9.5.2
3320.23b4: FileVersion: 12.9.5.2
3320.23b4: FileDescription: Symantec Event Library
3320.23b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3320.23b4: Calling main()
3320.23b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3320.23b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3320.23b4: SUPR3HardenedMain: Respawn #1
3320.23b4: System32: \Device\HarddiskVolume4\Windows\System32
3320.23b4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3320.23b4: KnownDllPath: C:\WINDOWS\system32
3320.23b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3320.23b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3320.23b4: supR3HardNtEnableThreadCreation:
3320.23b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff17e18ec0 pvNtTerminateThread=00007fff17e91700
3320.23b4: supR3HardenedWinDoReSpawn(1): New child 2074.3d68 [kernel32].
3320.23b4: supR3HardNtChildGatherData: PebBaseAddress=00007ff722293000 cbPeb=0x388
3320.23b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff17e00000 uNtDllChildAddr=00007fff17e00000
3320.23b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff17e18ec0
3320.23b4: supR3HardenedWinSetupChildInit: Start child.
3320.23b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3320.23b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 59 sleeps
3320.23b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3320.23b4: *00007ff722aa0000-00007ff722a9efff 0x0040/0x0040 0x0020000 !!
3320.23b4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff722aa0000 (LB 0x1000, 00007ff722aa0000 LB 0x1000)
3320.23b4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff722aa0000/00007ff722aa0000 LB 0/0x1000]
3320.23b4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff722aa0000 LB 0x7f5360000 s=0x10000 ap=0x0 rp=0x00000000000001
3320.23b4: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
3320.23b4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3320.23b4: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
3320.23b4: 00007ff72297016a / 0x000016a: 00 != 13
3320.23b4: 00007ff72297016c / 0x000016c: 00 != cc
3320.23b4: 00007ff72297016d / 0x000016d: 00 != 01
3320.23b4: 00007ff7229701c0 / 0x00001c0: 00 != cc
3320.23b4: 00007ff7229701c1 / 0x00001c1: 00 != 01
3320.23b4: 00007ff7229701c2 / 0x00001c2: 00 != 13
3320.23b4: 00007ff7229701c4 / 0x00001c4: 00 != 20
3320.23b4: Restored 0x400 bytes of original file content at 00007ff722970000
3320.23b4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3320.23b4: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
3320.23b4: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 59 sleeps
3320.23b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3320.23b4: supR3HardNtChildPurify: Done after 1071 ms and 2 fixes (loop #1).
3320.23b4: supR3HardNtEnableThreadCreation:
2074.3d68: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
2074.3d68: supR3HardenedVmProcessInit: uNtDllAddr=00007fff17e00000
2074.3d68: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
2074.3d68: New simple heap: #1 0000000000a30000 LB 0x400000 (for 1753088 allocation)
2074.3d68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2074.3d68: System32: \Device\HarddiskVolume4\Windows\System32
2074.3d68: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2074.3d68: KnownDllPath: C:\WINDOWS\system32
2074.3d68: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2074.3d68: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2074.3d68: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2074.3d68: Registered Dll notification callback with NTDLL.
2074.3d68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
2074.3d68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2074.3d68: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
2074.3d68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2074.3d68: supR3HardenedDllNotificationCallback: load 00007fff15360000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
2074.3d68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
2074.3d68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
2074.3d68: supR3HardenedDllNotificationCallback: load 00007fff15880000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
2074.3d68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2074.3d68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32\KERNEL32.DLL'
2074.3d68: supR3HardenedDllNotificationCallback: load 00007ff722970000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2074.3d68: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2074.3d68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2074.3d68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
2074.3d68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff17e18ec0 pvNtTerminateThread=00007fff17e91700
3320.23b4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 74 ms.
2074.3d68: \SystemRoot\System32\ntdll.dll:
2074.3d68: CreationTime: 2015-09-18T17:09:41.651219800Z
2074.3d68: LastWriteTime: 2015-08-07T21:40:29.476583000Z
2074.3d68: ChangeTime: 2015-11-11T10:19:46.280698800Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x1a7f48
2074.3d68: NT Headers: 0xd8
2074.3d68: Timestamp: 0x55c4c16b
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x55c4c16b
2074.3d68: Image Version: 6.3
2074.3d68: SizeOfImage: 0x1ac000 (1753088)
2074.3d68: Resource Dir: 0x148000 LB 0x62450
2074.3d68: ProductName: Microsoft® Windows® Operating System
2074.3d68: ProductVersion: 6.3.9600.18007
2074.3d68: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
2074.3d68: FileDescription: NT Layer DLL
2074.3d68: \SystemRoot\System32\kernel32.dll:
2074.3d68: CreationTime: 2014-11-18T22:32:16.085463000Z
2074.3d68: LastWriteTime: 2014-10-29T04:09:24.572407200Z
2074.3d68: ChangeTime: 2015-10-17T17:49:48.696769200Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x13fc30
2074.3d68: NT Headers: 0xf8
2074.3d68: Timestamp: 0x545054ca
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x545054ca
2074.3d68: Image Version: 6.3
2074.3d68: SizeOfImage: 0x13e000 (1302528)
2074.3d68: Resource Dir: 0x12e000 LB 0x518
2074.3d68: ProductName: Microsoft® Windows® Operating System
2074.3d68: ProductVersion: 6.3.9600.17415
2074.3d68: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
2074.3d68: FileDescription: Windows NT BASE API Client DLL
2074.3d68: \SystemRoot\System32\KernelBase.dll:
2074.3d68: CreationTime: 2015-09-18T17:09:41.596475400Z
2074.3d68: LastWriteTime: 2015-08-07T21:40:29.476583000Z
2074.3d68: ChangeTime: 2015-10-17T17:49:50.649993000Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x1150a0
2074.3d68: NT Headers: 0xf0
2074.3d68: Timestamp: 0x55c4c341
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x55c4c341
2074.3d68: Image Version: 6.3
2074.3d68: SizeOfImage: 0x115000 (1134592)
2074.3d68: Resource Dir: 0x110000 LB 0x3530
2074.3d68: ProductName: Microsoft® Windows® Operating System
2074.3d68: ProductVersion: 6.3.9600.18007
2074.3d68: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
2074.3d68: FileDescription: Windows NT BASE API Client DLL
2074.3d68: \SystemRoot\System32\apisetschema.dll:
2074.3d68: CreationTime: 2013-08-22T12:13:09.745625900Z
2074.3d68: LastWriteTime: 2013-08-22T12:35:12.091034400Z
2074.3d68: ChangeTime: 2014-11-07T06:18:16.831642700Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x11360
2074.3d68: NT Headers: 0xd0
2074.3d68: Timestamp: 0x52160049
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x52160049
2074.3d68: Image Version: 6.3
2074.3d68: SizeOfImage: 0x13000 (77824)
2074.3d68: Resource Dir: 0x11000 LB 0x3f8
2074.3d68: ProductName: Microsoft® Windows® Operating System
2074.3d68: ProductVersion: 6.3.9600.16384
2074.3d68: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
2074.3d68: FileDescription: ApiSet Schema DLL
2074.3d68: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2074.3d68: supR3HardenedWinFindAdversaries: 0x3
2074.3d68: \SystemRoot\System32\drivers\SysPlant.sys:
2074.3d68: CreationTime: 2014-11-08T08:44:57.530166600Z
2074.3d68: LastWriteTime: 2014-11-08T08:44:57.546176800Z
2074.3d68: ChangeTime: 2014-11-08T08:44:57.546176800Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x26f40
2074.3d68: NT Headers: 0x100
2074.3d68: Timestamp: 0x5413cb4e
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x5413cb4e
2074.3d68: Image Version: 5.0
2074.3d68: SizeOfImage: 0x2d000 (184320)
2074.3d68: Resource Dir: 0x2b000 LB 0x498
2074.3d68: ProductName: Symantec CMC Firewall
2074.3d68: ProductVersion: 12.1.5337.5000
2074.3d68: FileVersion: 12.1.5337.5000
2074.3d68: FileDescription: Symantec CMC Firewall SysPlant
2074.3d68: \SystemRoot\System32\sysfer.dll:
2074.3d68: CreationTime: 2014-11-08T08:44:57.353047900Z
2074.3d68: LastWriteTime: 2014-11-08T08:44:57.404082300Z
2074.3d68: ChangeTime: 2014-11-08T08:44:57.404082300Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x70f60
2074.3d68: NT Headers: 0xe8
2074.3d68: Timestamp: 0x5413cb55
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x5413cb55
2074.3d68: Image Version: 0.0
2074.3d68: SizeOfImage: 0x88000 (557056)
2074.3d68: Resource Dir: 0x86000 LB 0x630
2074.3d68: ProductName: Symantec CMC Firewall
2074.3d68: ProductVersion: 12.1.5337.5000
2074.3d68: FileVersion: 12.1.5337.5000
2074.3d68: FileDescription: Symantec CMC Firewall sysfer
2074.3d68: \SystemRoot\System32\drivers\symevent64x86.sys:
2074.3d68: CreationTime: 2014-11-08T08:46:23.891600000Z
2074.3d68: LastWriteTime: 2014-11-08T08:46:23.873588100Z
2074.3d68: ChangeTime: 2014-11-08T08:46:23.873588100Z
2074.3d68: FileAttributes: 0x20
2074.3d68: Size: 0x2b658
2074.3d68: NT Headers: 0xe8
2074.3d68: Timestamp: 0x51f32ff2
2074.3d68: Machine: 0x8664 - amd64
2074.3d68: Timestamp: 0x51f32ff2
2074.3d68: Image Version: 6.0
2074.3d68: SizeOfImage: 0x38000 (229376)
2074.3d68: Resource Dir: 0x36000 LB 0x3c8
2074.3d68: ProductName: SYMEVENT
2074.3d68: ProductVersion: 12.9.5.2
2074.3d68: FileVersion: 12.9.5.2
2074.3d68: FileDescription: Symantec Event Library
2074.3d68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2074.3d68: Calling main()
2074.3d68: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2074.3d68: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2074.3d68: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2074.3d68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2074.3d68: SUPR3HardenedMain: Respawn #2
2074.3d68: supR3HardNtEnableThreadCreation:
2074.3d68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff17e18ec0 pvNtTerminateThread=00007fff17e91700
2074.3d68: supR3HardenedWinDoReSpawn(2): New child be4.3cf0 [kernel32].
2074.3d68: supR3HardNtChildGatherData: PebBaseAddress=00007ff7219ea000 cbPeb=0x388
2074.3d68: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff17e00000 uNtDllChildAddr=00007fff17e00000
2074.3d68: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff17e18ec0
2074.3d68: supR3HardenedWinSetupChildInit: Start child.
2074.3d68: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2074.3d68: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
2074.3d68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2074.3d68: *00007ff722aa0000-00007ff722a9efff 0x0040/0x0040 0x0020000 !!
2074.3d68: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff722aa0000 (LB 0x1000, 00007ff722aa0000 LB 0x1000)
2074.3d68: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff722aa0000/00007ff722aa0000 LB 0/0x1000]
2074.3d68: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff722aa0000 LB 0x7f5360000 s=0x10000 ap=0x0 rp=0x00000000000001
2074.3d68: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
2074.3d68: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2074.3d68: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
2074.3d68: 00007ff72297016a / 0x000016a: 00 != 13
2074.3d68: 00007ff72297016c / 0x000016c: 00 != cc
2074.3d68: 00007ff72297016d / 0x000016d: 00 != 01
2074.3d68: 00007ff7229701c0 / 0x00001c0: 00 != cc
2074.3d68: 00007ff7229701c1 / 0x00001c1: 00 != 01
2074.3d68: 00007ff7229701c2 / 0x00001c2: 00 != 13
2074.3d68: 00007ff7229701c4 / 0x00001c4: 00 != 20
2074.3d68: Restored 0x400 bytes of original file content at 00007ff722970000
2074.3d68: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
2074.3d68: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3
2074.3d68: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 59 sleeps
2074.3d68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4692074.3d68: *0000000000000000-ffffffffff3affff 0x0001/0x0000 0x0000000
4702074.3d68: *0000000000c50000-0000000000c2ffff 0x0004/0x0004 0x0020000
4712074.3d68: *0000000000c70000-0000000000c60fff 0x0002/0x0002 0x0040000
4722074.3d68: 0000000000c7f000-0000000000c7dfff 0x0001/0x0000 0x0000000
4732074.3d68: *0000000000c80000-0000000000b83fff 0x0000/0x0004 0x0020000
4742074.3d68: 0000000000d7c000-0000000000d78fff 0x0104/0x0004 0x0020000
4752074.3d68: 0000000000d7f000-0000000000d7dfff 0x0004/0x0004 0x0020000
4762074.3d68: *0000000000d80000-0000000000d7bfff 0x0002/0x0002 0x0040000
4772074.3d68: 0000000000d84000-0000000000d77fff 0x0001/0x0000 0x0000000
4782074.3d68: *0000000000d90000-0000000000d8dfff 0x0004/0x0004 0x0020000
4792074.3d68: 0000000000d92000-ffffffff81b43fff 0x0001/0x0000 0x0000000
4802074.3d68: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4812074.3d68: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4822074.3d68: 000000007fff0000-ffff8009de61ffff 0x0001/0x0000 0x0000000
4832074.3d68: *00007ff7219c0000-00007ff72199cfff 0x0002/0x0002 0x0040000
4842074.3d68: 00007ff7219e3000-00007ff7219dbfff 0x0001/0x0000 0x0000000
4852074.3d68: *00007ff7219ea000-00007ff7219e8fff 0x0004/0x0004 0x0020000
4862074.3d68: 00007ff7219eb000-00007ff7219e7fff 0x0001/0x0000 0x0000000
4872074.3d68: *00007ff7219ee000-00007ff7219ebfff 0x0004/0x0004 0x0020000
4882074.3d68: 00007ff7219f0000-00007ff720a6ffff 0x0001/0x0000 0x0000000
4892074.3d68: *00007ff722970000-00007ff722970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4902074.3d68: 00007ff722971000-00007ff7229f7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4912074.3d68: 00007ff7229f8000-00007ff7229f8fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4922074.3d68: 00007ff7229f9000-00007ff722a43fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4932074.3d68: 00007ff722a44000-00007ff722a50fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4942074.3d68: 00007ff722a51000-00007ff722a9bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4952074.3d68: 00007ff722a9c000-00007fef2d737fff 0x0001/0x0000 0x0000000
4962074.3d68: *00007fff17e00000-00007fff17e00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4972074.3d68: 00007fff17e01000-00007fff17f2cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4982074.3d68: 00007fff17f2d000-00007fff17f32fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4992074.3d68: 00007fff17f33000-00007fff17f3ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5002074.3d68: 00007fff17f40000-00007fff17f43fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5012074.3d68: 00007fff17f44000-00007fff17f44fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5022074.3d68: 00007fff17f45000-00007fff17fabfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
5032074.3d68: 00007fff17fac000-00007ffe2ff77fff 0x0001/0x0000 0x0000000
5042074.3d68: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
5052074.3d68: supR3HardNtChildPurify: Done after 1075 ms and 2 fixes (loop #1).
5062074.3d68: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a30000 LB 0x400000)
5072074.3d68: supR3HardNtEnableThreadCreation:
be4.3cf0: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
be4.3cf0: supR3HardenedVmProcessInit: uNtDllAddr=00007fff17e00000
be4.3cf0: ntdll.dll: timestamp 0x55c4c16b (rc=VINF_SUCCESS)
be4.3cf0: New simple heap: #1 0000000000ea0000 LB 0x400000 (for 1753088 allocation)
be4.3cf0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
be4.3cf0: System32: \Device\HarddiskVolume4\Windows\System32
be4.3cf0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
be4.3cf0: KnownDllPath: C:\WINDOWS\system32
be4.3cf0: supR3HardenedVmProcessInit: Opening vboxdrv...
be4.3cf0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
be4.3cf0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
be4.3cf0: Registered Dll notification callback with NTDLL.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15360000 LB 0x00115000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15880000 LB 0x0013e000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32\KERNEL32.DLL'
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007ff722970000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
be4.3cf0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
be4.3cf0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff17e18ec0 pvNtTerminateThread=00007fff17e91700
2074.3d68: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 77 ms.
be4.3cf0: \SystemRoot\System32\ntdll.dll:
be4.3cf0: CreationTime: 2015-09-18T17:09:41.651219800Z
be4.3cf0: LastWriteTime: 2015-08-07T21:40:29.476583000Z
be4.3cf0: ChangeTime: 2015-11-11T10:19:46.280698800Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x1a7f48
be4.3cf0: NT Headers: 0xd8
be4.3cf0: Timestamp: 0x55c4c16b
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x55c4c16b
be4.3cf0: Image Version: 6.3
be4.3cf0: SizeOfImage: 0x1ac000 (1753088)
be4.3cf0: Resource Dir: 0x148000 LB 0x62450
be4.3cf0: ProductName: Microsoft® Windows® Operating System
be4.3cf0: ProductVersion: 6.3.9600.18007
be4.3cf0: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
be4.3cf0: FileDescription: NT Layer DLL
be4.3cf0: \SystemRoot\System32\kernel32.dll:
be4.3cf0: CreationTime: 2014-11-18T22:32:16.085463000Z
be4.3cf0: LastWriteTime: 2014-10-29T04:09:24.572407200Z
be4.3cf0: ChangeTime: 2015-10-17T17:49:48.696769200Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x13fc30
be4.3cf0: NT Headers: 0xf8
be4.3cf0: Timestamp: 0x545054ca
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x545054ca
be4.3cf0: Image Version: 6.3
be4.3cf0: SizeOfImage: 0x13e000 (1302528)
be4.3cf0: Resource Dir: 0x12e000 LB 0x518
be4.3cf0: ProductName: Microsoft® Windows® Operating System
be4.3cf0: ProductVersion: 6.3.9600.17415
be4.3cf0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
be4.3cf0: FileDescription: Windows NT BASE API Client DLL
be4.3cf0: \SystemRoot\System32\KernelBase.dll:
be4.3cf0: CreationTime: 2015-09-18T17:09:41.596475400Z
be4.3cf0: LastWriteTime: 2015-08-07T21:40:29.476583000Z
be4.3cf0: ChangeTime: 2015-10-17T17:49:50.649993000Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x1150a0
be4.3cf0: NT Headers: 0xf0
be4.3cf0: Timestamp: 0x55c4c341
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x55c4c341
be4.3cf0: Image Version: 6.3
be4.3cf0: SizeOfImage: 0x115000 (1134592)
be4.3cf0: Resource Dir: 0x110000 LB 0x3530
be4.3cf0: ProductName: Microsoft® Windows® Operating System
be4.3cf0: ProductVersion: 6.3.9600.18007
be4.3cf0: FileVersion: 6.3.9600.18007 (winblue_ltsb.150807-0612)
be4.3cf0: FileDescription: Windows NT BASE API Client DLL
be4.3cf0: \SystemRoot\System32\apisetschema.dll:
be4.3cf0: CreationTime: 2013-08-22T12:13:09.745625900Z
be4.3cf0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
be4.3cf0: ChangeTime: 2014-11-07T06:18:16.831642700Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x11360
be4.3cf0: NT Headers: 0xd0
be4.3cf0: Timestamp: 0x52160049
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x52160049
be4.3cf0: Image Version: 6.3
be4.3cf0: SizeOfImage: 0x13000 (77824)
be4.3cf0: Resource Dir: 0x11000 LB 0x3f8
be4.3cf0: ProductName: Microsoft® Windows® Operating System
be4.3cf0: ProductVersion: 6.3.9600.16384
be4.3cf0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
be4.3cf0: FileDescription: ApiSet Schema DLL
be4.3cf0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
be4.3cf0: supR3HardenedWinFindAdversaries: 0x3
be4.3cf0: \SystemRoot\System32\drivers\SysPlant.sys:
be4.3cf0: CreationTime: 2014-11-08T08:44:57.530166600Z
be4.3cf0: LastWriteTime: 2014-11-08T08:44:57.546176800Z
be4.3cf0: ChangeTime: 2014-11-08T08:44:57.546176800Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x26f40
be4.3cf0: NT Headers: 0x100
be4.3cf0: Timestamp: 0x5413cb4e
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x5413cb4e
be4.3cf0: Image Version: 5.0
be4.3cf0: SizeOfImage: 0x2d000 (184320)
be4.3cf0: Resource Dir: 0x2b000 LB 0x498
be4.3cf0: ProductName: Symantec CMC Firewall
be4.3cf0: ProductVersion: 12.1.5337.5000
be4.3cf0: FileVersion: 12.1.5337.5000
be4.3cf0: FileDescription: Symantec CMC Firewall SysPlant
be4.3cf0: \SystemRoot\System32\sysfer.dll:
be4.3cf0: CreationTime: 2014-11-08T08:44:57.353047900Z
be4.3cf0: LastWriteTime: 2014-11-08T08:44:57.404082300Z
be4.3cf0: ChangeTime: 2014-11-08T08:44:57.404082300Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x70f60
be4.3cf0: NT Headers: 0xe8
be4.3cf0: Timestamp: 0x5413cb55
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x5413cb55
be4.3cf0: Image Version: 0.0
be4.3cf0: SizeOfImage: 0x88000 (557056)
be4.3cf0: Resource Dir: 0x86000 LB 0x630
be4.3cf0: ProductName: Symantec CMC Firewall
be4.3cf0: ProductVersion: 12.1.5337.5000
be4.3cf0: FileVersion: 12.1.5337.5000
be4.3cf0: FileDescription: Symantec CMC Firewall sysfer
be4.3cf0: \SystemRoot\System32\drivers\symevent64x86.sys:
be4.3cf0: CreationTime: 2014-11-08T08:46:23.891600000Z
be4.3cf0: LastWriteTime: 2014-11-08T08:46:23.873588100Z
be4.3cf0: ChangeTime: 2014-11-08T08:46:23.873588100Z
be4.3cf0: FileAttributes: 0x20
be4.3cf0: Size: 0x2b658
be4.3cf0: NT Headers: 0xe8
be4.3cf0: Timestamp: 0x51f32ff2
be4.3cf0: Machine: 0x8664 - amd64
be4.3cf0: Timestamp: 0x51f32ff2
be4.3cf0: Image Version: 6.0
be4.3cf0: SizeOfImage: 0x38000 (229376)
be4.3cf0: Resource Dir: 0x36000 LB 0x3c8
be4.3cf0: ProductName: SYMEVENT
be4.3cf0: ProductVersion: 12.9.5.2
be4.3cf0: FileVersion: 12.9.5.2
be4.3cf0: FileDescription: Symantec Event Library
be4.3cf0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
be4.3cf0: Calling main()
be4.3cf0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
be4.3cf0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
be4.3cf0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
be4.3cf0: SUPR3HardenedMain: Final process, opening VBoxDrv...
be4.3cf0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000ea0000 LB 0x400000)
be4.3cf0: supR3HardNtEnableThreadCreation:
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff0ca20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0ca20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0ca20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0ca20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15480000 LB 0x000aa000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15000000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15180000 LB 0x001df000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff159c0000 LB 0x00141000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15120000 LB 0x00051000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\WINDOWS\system32\Wintrust.dll'
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff14a10000 LB 0x00026000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff14a10000 'C:\WINDOWS\system32\bcrypt.dll'
be4.3cf0: bcrypt.dll loaded at 00007fff14a10000, BCryptOpenAlgorithmProvider at 00007fff14a134a0, preloading providers:
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff14d50000 LB 0x00063000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff14d50000 'C:\WINDOWS\system32\bcryptprimitives.dll'
be4.3cf0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001318c90)
be4.3cf0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001319080)
be4.3cf0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000013191a0)
be4.3cf0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000013193f0)
be4.3cf0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001319510)
be4.3cf0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001319b00)
be4.3cf0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001319c20)
be4.3cf0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001319f80)
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff147c0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff143e0000 LB 0x00036000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff14dc0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32\kernel32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\CRYPT32.dll'
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff17870000 LB 0x00016000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff149a0000 LB 0x00037000 C:\WINDOWS\SYSTEM32\NTASN1.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff149e0000 LB 0x00025000 C:\WINDOWS\SYSTEM32\ncrypt.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff178b0000 LB 0x00059000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff140a0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff14f50000 LB 0x00015000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
834be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
835be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
836be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
837be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
838be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
839be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
840be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
841be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
842be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
843be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
844be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
845be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
846be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
847be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
848be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
849be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
850be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
851be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
852be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
853be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
854be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
855be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
856be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
857be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
858be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
859be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
860be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
861be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
862be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
863be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
864be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
865be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
866be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
867be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff17d40000 LB 0x0005c000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
868be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
869be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff03ae0000 LB 0x00039000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
870be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
871be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
872be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
873be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
874be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
875be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
876be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
877be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
878be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
879be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
880be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
881be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
882be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
883be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
884be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
885be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
886be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
887be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
888be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
889be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
890be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
891be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
892be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
893be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
894be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
895be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
896be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
897be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
898be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
899be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\WINDOWS\system32\cryptnet.dll'
900be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
901be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ae0000 'C:\Windows\System32\cryptnet.dll'
902be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
903be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
904be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
905be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
906be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
907be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15f10000 LB 0x000aa000 C:\WINDOWS\SYSTEM32\advapi32.dll [fFlags=0x0]
908be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
909be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
910be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
911be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
912be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
913be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
914be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
915be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
916be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
917be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
918be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
919be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
920be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
921be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
922be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
923be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
924be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
925be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001325710
926be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
927be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D449D768A53FA106767AD8C8013AB6DCC6C8EC
928be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
929be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
930be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff159c0000 'C:\WINDOWS\system32\rpcrt4.dll'
931be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
932be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
933be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
934be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
935be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
936be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
937be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
938be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
939be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
940be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
941be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
942be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
943be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
944be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
945be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\Windows\System32\WINTRUST.DLL'
946be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
947be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
948be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
949be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
950be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
951be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
952be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_29_for_KB3101746~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
953be4.3cf0: g_pfnWinVerifyTrust=00007fff15121050
954be4.3cf0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
955be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
956be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
957be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
958be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
959be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
960be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
961be4.3cf0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
962be4.3cf0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
963be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
964be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
965be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
966be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
967be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
968be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
969be4.3cf0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
970be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
971be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
972be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
973be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
974be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
975be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
976be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
977be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
978be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
979be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
980be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
981be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
982be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
983be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
984be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
985be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
986be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
987be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
988be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
989be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
990be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
991be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
992be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
993be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
994be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
995be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
996be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
997be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
998be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
999be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1000be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1001be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1002be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
1003be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1004be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1005be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1006be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
1007be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1008be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1009be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1010be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
1011be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1012be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1013be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1014be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1015be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1016be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
1017be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1018be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1019be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1020be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1021be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
1022be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1023be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1024be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1025be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
1026be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1027be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1028be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1029be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
1030be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1031be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1032be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
1033be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1034be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1035be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
1036be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1037be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x891a96fe7545c200 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x3f5cb84a5c1baa00 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
be4.3cf0: supR3HardenedWinIsDesiredRootCA: Adding 0x4b0cd3b56d5883aa OU=Copyright (c) 1999 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Test Root Authority
be4.3cf0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
be4.3cf0: SUPR3HardenedMain: Load Runtime...
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00000000522d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 0000000052230000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff17890000 LB 0x00009000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff17da0000 LB 0x0005a000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007ffef2050000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef2050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15120000 'C:\WINDOWS\system32\Wintrust.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: SUPR3HardenedMain: Load TrustedMain...
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1314be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1315be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1316be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1317be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1318be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
1319be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
1320be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
1321be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
1322be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
1323be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1324be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1325be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
1326be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1327be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1328be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1329be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
1330be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
1331be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1332be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1333be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1334be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1335be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1336be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1337be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1338be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1339be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1340be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1341be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1342be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1343be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
1344be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1345be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1346be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1347be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1348be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1349be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1350be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1351be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1352be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1353be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1354be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1355be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1356be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1357be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1358be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1359be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1360be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1361be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1362be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1363be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1364be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1365be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1366be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1367be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1368be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1369be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1370be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1371be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1372be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1373be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1374be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1375be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1376be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1377be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1378be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1379be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1380be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
1381be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1382be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1383be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1384be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1385be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1386be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1387be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1388be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1389be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1390be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1391be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1392be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
1393be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
1394be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1395be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1396be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1397be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1398be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1399be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1400be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1401be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1402be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1403be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1404be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1405be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1406be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
1407be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
1408be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1409be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1410be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1411be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1412be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1413be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1414be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
1415be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1416be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1417be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1418be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1419be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1420be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1421be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1422be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1423be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1424be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1425be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1426be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1427be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1428be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
1429be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1430be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1431be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1432be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1433be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1434be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1435be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1436be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1437be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
1438be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1439be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1440be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
1441be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1442be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1443be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
1444be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1445be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1446be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1447be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1448be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1449be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1450be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1451be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1452be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1453be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1454be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1455be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1456be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1457be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1458be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1459be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1460be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1461be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1462be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1463be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1464be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1465be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1466be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1467be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1468be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1469be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1470be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1471be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1472be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1473be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1474be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1475be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1476be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1477be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1478be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1479be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1480be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1481be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1482be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1483be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1484be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1485be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1486be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1487be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1488be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1489be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1490be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1491be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1492be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1493be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1494be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1495be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1496be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1497be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
1498be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1499be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1500be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1501be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1502be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1503be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1504be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
1505be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1506be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1507be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1508be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1509be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1510be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
1511be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1512be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
1513be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
1514be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
1515be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
1516be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1517be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1518be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1519be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1520be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1521be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1522be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1523be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
1524be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
1525be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1526be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1527be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1528be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1529be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1530be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1531be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1532be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1533be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1534be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1535be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1536be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1537be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1538be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1539be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1540be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1541be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1542be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1543be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1544be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1545be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1546be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1547be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1548be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1549be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1550be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1551be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1552be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1553be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1554be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1555be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
1556be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1557be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
1558be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
1559be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1560be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1561be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1562be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1563be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1564be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1565be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1566be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
1567be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
1568be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
1569be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1570be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1571be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1572be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1573be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1574be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1575be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1576be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1577be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1578be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1579be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1580be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1581be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1582be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1583be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1584be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1585be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1586be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1587be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1588be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1589be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1590be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1591be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1592be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1593be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1594be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1595be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1596be4.3cf0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
1597be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1598be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1599be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1600be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
1601be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
1602be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
1603be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1604be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1605be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1606be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1607be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1608be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1609be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1610be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1611be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1612be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1613be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1614be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1615be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1616be4.3cf0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
1617be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1618be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1619be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1620be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
1621be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1622be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1623be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1624be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1625be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1626be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1627be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1628be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1629be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1630be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1631be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1632be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1633be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1634be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1635be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1636be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1637be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1640be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1641be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1642be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1643be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1644be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1645be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1646be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1647be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1648be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1649be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1650be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1651be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1652be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1653be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1654be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1655be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1656be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1657be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1658be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1659be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1660be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1661be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1662be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1663be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1664be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1665be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1666be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1667be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1668be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1669be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1670be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1671be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1672be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1673be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1674be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1675be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1676be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1677be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1678be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1679be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1680be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1681be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1682be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1683be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1684be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [lacks WinVerifyTrust]
1685be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1686be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1687be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1688be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1689be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1690be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1691be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1692be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1693be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1694be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1695be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1696be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1697be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1698be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1699be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1700be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1701be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1702be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1703be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1704be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1705be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
1706be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1707be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1708be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1709be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1710be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1711be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1712be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1713be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1714be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
1715be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
1716be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
1717be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
1718be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
1719be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
1720be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1721be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1722be4.3cf0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1723be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1724be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1725be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1726be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1727be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
1728be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1729be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1730be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1731be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1732be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1733be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1734be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1735be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1736be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1737be4.3cf0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll)
1738be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
1739be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1740be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1741be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1742be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1743be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1744be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
1745be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
1746be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
1747be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15530000 LB 0x00177000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
1748be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff16120000 LB 0x0014f000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
1749be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff123b0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1750be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1751be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff07350000 LB 0x000f8000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
1752be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1753be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff00280000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1754be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1755be4.3cf0: supR3HardenedDllNotificationCallback: load 00007ffefde10000 LB 0x0012b000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1756be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1757be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15cf0000 LB 0x00211000 C:\WINDOWS\SYSTEM32\combase.dll [fFlags=0x0]
1758be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1759be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff179e0000 LB 0x00194000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
1760be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1761be4.3cf0: supR3HardenedDllNotificationCallback: load 0000000051f50000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1762be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1763be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff17980000 LB 0x00054000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
1764be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1765be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff12080000 LB 0x000a4000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0]
1766be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust]
1767be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff16340000 LB 0x0152b000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
1768be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1769be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff13460000 LB 0x000b2000 C:\WINDOWS\SYSTEM32\SHCORE.DLL [fFlags=0x0]
1770be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
1771be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff156c0000 LB 0x000b6000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
1772be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1773be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff16270000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
1774be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1775be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15fc0000 LB 0x00152000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
1776be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1777be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15840000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0]
1778be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1779be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15020000 LB 0x0004f000 C:\WINDOWS\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
1780be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1781be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff13d10000 LB 0x00028000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1782be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1783be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff12480000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1784be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1785be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff12530000 LB 0x00022000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1786be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1787be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff11ff0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1788be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1789be4.3cf0: supR3HardenedDllNotificationCallback: load 00000000515e0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1790be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [avoiding WinVerifyTrust]
1791be4.3cf0: supR3HardenedDllNotificationCallback: load 0000000051500000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1792be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1793be4.3cf0: supR3HardenedDllNotificationCallback: load 00007ffef1590000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1794be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1795be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1796be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1797be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
be4.3cf0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
be4.3cf0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15840000 'C:\WINDOWS\system32\imm32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef1590000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
be4.3cf0: SUPR3HardenedMain: Calling TrustedMain (00007ffef15910d0)...
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12530000 'C:\WINDOWS\system32\winmm.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d4 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff13be0000 LB 0x00129000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff13260000 LB 0x00021000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff13b40000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32\kernel32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15530000 'C:\WINDOWS\system32\user32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13be0000 'C:\WINDOWS\system32\uxtheme.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15530000 'C:\WINDOWS\system32\user32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15f10000 'C:\WINDOWS\system32\advapi32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff144f0000 LB 0x00021000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff144f0000 'C:\WINDOWS\system32\userenv.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32\kernel32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff15780000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\clbcatq.dll [fFlags=0x0]
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
be4.3f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
be4.3f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
be4.3f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
be4.3f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\psapi.dll) WinVerifyTrust
be4.3f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\psapi.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
be4.3f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.3f0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
be4.3f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
be4.3f0c: supR3HardenedDllNotificationCallback: load 00007fff178a0000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
be4.3f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\psapi.dll
be4.3f0c: supR3HardenedDllNotificationCallback: load 00007fff12560000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
be4.3f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
be4.3f0c: supR3HardenedDllNotificationCallback: load 00007ffeeeb10000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
be4.3f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeeeb10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
be4.3f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16270000 'C:\Windows\System32\oleaut32.dll'
be4.3f0c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
be4.3f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
be4.3f0c: supR3HardenedDllNotificationCallback: load 00007fff14e50000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
be4.3f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000748 pwszName=\Device\HarddiskVolume4\Windows\System32\sxs.dll
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_68_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\sxs.dll'
be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3cf0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16270000 'C:\WINDOWS\system32\OLEAUT32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16120000 'C:\WINDOWS\system32\gdi32.dll'
be4.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
be4.327c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
be4.327c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
be4.327c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
be4.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
be4.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
be4.327c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
be4.327c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.327c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.327c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
be4.327c: supR3HardenedDllNotificationCallback: load 00007fff0ca10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
be4.327c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
be4.327c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0ca10000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15530000 'C:\WINDOWS\system32\user32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff179e0000 'C:\WINDOWS\system32\ole32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2076be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15fc0000 'C:\WINDOWS\system32\MSCTF.dll'
2077be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2078be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2079be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff179e0000 'C:\WINDOWS\system32\ole32.dll'
2080be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2081be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2082be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16270000 'C:\WINDOWS\system32\OLEAUT32.dll'
2083be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b8c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2084be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2085be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2086be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
2087be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2088be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2089be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
2090be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2091be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2092be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2093be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2094be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2095be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2096be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2097be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2098be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bbc pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2099be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2100be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2101be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
2102be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2103be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2104be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
2105be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2106be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2107be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
2108be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
2109be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2110be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2111be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2112be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2113be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2114be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2115be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2116be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2117be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2118be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2119be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2120be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2121be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2122be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2123be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff03060000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2124be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2125be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff02670000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2126be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2127be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2128be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15360000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2129be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02670000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2130be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c2c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2131be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2132be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2133be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
2134be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
2135be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2136be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2137be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2138be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
2139be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2140be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2141be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2142be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2143be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2144be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2145be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2146be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2147be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2148be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
2149be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2150be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2151be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff02320000 LB 0x00015000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2152be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2153be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02320000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2154be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2155be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15360000 'api-ms-win-core-localization-l1-2-0.dll'
2156be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2157be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15360000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2158be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2159be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2160be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2161be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
2162be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2163be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2164be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
2165be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2166be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2167be4.3cf0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2168be4.3cf0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2169be4.3cf0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2170be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2171be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2172be4.3cf0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2173be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2174be4.3cf0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2175be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2176be4.3cf0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2177be4.3cf0: supR3HardenedDllNotificationCallback: load 00007fff02390000 LB 0x000fb000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2178be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2179be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02390000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2180be4.3cf0: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [redir]
2181be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [redoing WinVerifyTrust]
2182be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
2183be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2184be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2185be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6522FA6F02EF4787F28DA6C27054084E2173E41
2186be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2187be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2188be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
2189be4.3cf0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2190be4.3cf0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
2191be4.3cf0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2192be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12080000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'
2193be4.4564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2194be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2195be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2196be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2197be4.4564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2198be4.4564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2199be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2200be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2201be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2202be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2203be4.4564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2204be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2205be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2206be4.4564: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2207be4.4564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2208be4.4564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2209be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2210be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2211be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2212be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2213be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2214be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2215be4.4564: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2216be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2217be4.4564: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2218be4.4564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2219be4.4564: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2220be4.4564: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2221be4.4564: supR3HardenedDllNotificationCallback: load 00000000513f0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2222be4.4564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2223be4.4564: supR3HardenedDllNotificationCallback: load 00007ffef8380000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2224be4.4564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2225be4.4564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8380000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2226be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2227be4.3e88: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2228be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2229be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2230be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys)
2231be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys
2232be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2233be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2234be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2235be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2236be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys)
2237be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys
2238be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2239be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2240be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys)
2241be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys
2242be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2243be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2244be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys)
2245be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys
2246be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2247be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2248be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2249be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'.
2250be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2251be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'hal.dll'.
2252be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
2253be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
2254be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ci.dll'.
2255be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msrpc.sys'.
2256be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe)
2257be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe
2258be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2259be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2260be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2261be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2262be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2263be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'.
2264be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2265be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2266be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2267be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys)
2268be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys
2269be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2270be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2271be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'.
2272be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2273be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2274be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2275be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys)
2276be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys
2277be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2278be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2279be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2280be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2281be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2282be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2283be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2284be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2285be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2286be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2287be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2288be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
2289be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2290be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2291be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\hal.dll'.
2292be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2293be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2294be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2295be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\hal.dll)
2296be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\hal.dll
2297be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2298be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2299be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2300be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2301be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2302be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'.
2303be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2304be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys)
2305be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys
2306be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2307be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2308be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
2309be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2310be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2311be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2312be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2313be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
2314be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2315be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume4\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2316be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\ci.dll'.
2317be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2318be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ci.dll)
2319be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ci.dll
2320be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2321be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2322be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'.
2323be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2324be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2325be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kdcom.dll)
2326be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kdcom.dll
2327be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
2328be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume4\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
2329be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'.
2330be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2331be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL)
2332be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL
2333be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2334be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2335be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2336be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2337be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2338be4.3c1c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'.
2339be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2340be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2341be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\PSHED.DLL)
2342be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\PSHED.DLL
2343be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2344be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2345be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2346be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2347be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2348be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2349be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2350be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2351be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2352be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2353be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume4\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2354be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\hal.dll [lacks WinVerifyTrust]
2355be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2356be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2357be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2358be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2359be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2360be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2361be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2362be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2363be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2364be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2365be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume4\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2366be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
2367be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2368be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume4\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2369be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
2370be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2371be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2372be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
2373be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2374be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxDrv.sys'
2375be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2376be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxUSBMon.sys'
2377be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2378be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetLwf.sys'
2379be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2380be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys'
2381be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2382be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2383be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\PSHED.DLL'
2384be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2385be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2386be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\BOOTVID.DLL'
2387be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2388be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2389be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kdcom.dll'
2390be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2391be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2392be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ci.dll'
2393be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2394be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2395be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\msrpc.sys'
2396be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2397be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2398be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\hal.dll'
2399be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2400be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2401be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\ndis.sys'
2402be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2403be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2404be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\drivers\netio.sys'
2405be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2406be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2407be4.3c1c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntoskrnl.exe'
2408be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2409be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2410be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2411be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2412be4.3c1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2413be4.3c1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2414be4.3c1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2415be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2416be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2417be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2418be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2419be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2420be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2421be4.3c1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2422be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2423be4.3c1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2424be4.3c1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2425be4.3c1c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2426be4.3c1c: supR3HardenedDllNotificationCallback: load 00007fff0bc50000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2427be4.3c1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2428be4.3c1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0bc50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2429be4.4450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2430be4.4450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2431be4.4450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2432be4.4450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2433be4.4450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2434be4.4450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2435be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2436be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2437be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2438be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2439be4.4450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2440be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2441be4.4450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2442be4.4450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2443be4.4450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2444be4.4450: supR3HardenedDllNotificationCallback: load 00007fff0bb90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2445be4.4450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2446be4.4450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0bb90000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2447be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2448be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2449be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2450be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2451be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2452be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2453be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2454be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2455be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2456be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2457be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2458be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2459be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2460be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2461be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2462be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2463be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2464be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2465be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2466be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2467be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2468be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2469be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2470be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2471be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2472be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2473be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2474be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2475be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2476be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2477be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2478be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2479be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2480be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2481be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2482be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2483be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2484be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2485be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2486be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2487be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2488be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2489be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2490be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2491be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2492be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2493be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2494be4.450: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
2495be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2496be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2497be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2498be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2499be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
2500be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2501be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2502be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2503be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2504be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2505be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2506be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2507be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2508be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
2509be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2510be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2511be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2512be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2513be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2514be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2515be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2516be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2517be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2518be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2519be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2520be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2521be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2522be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2523be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2524be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2525be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2526be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2527be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2528be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2529be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2530be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2531be4.450: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
2532be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2533be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2534be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2535be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2536be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
2537be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2538be4.450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2539be4.450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2540be4.450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2541be4.450: supR3HardenedDllNotificationCallback: load 00007fff02c90000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2542be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
2543be4.450: supR3HardenedDllNotificationCallback: load 00007fff043d0000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2544be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2545be4.450: supR3HardenedDllNotificationCallback: load 00007ffefce40000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2546be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2547be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefce40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2548be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2549be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
2550be4.450: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2551be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15360000 'api-ms-win-core-version-l1-1-0.dll'
2552be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2553be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2554be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff043d0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2555be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2556be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2557be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2558be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2559be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2560be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2561be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2562be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2563be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2564be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2565be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2566be4.450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2567be4.450: supR3HardenedDllNotificationCallback: load 00007fff0bb70000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2568be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2569be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0bb70000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2570be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
2571be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2572be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32/opengl32.dll'
2573be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
2574be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2575be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2576be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16120000 'C:\WINDOWS\system32\gdi32.dll'
2577be4.450: \Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll: Owner is administrators group.
2578be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2579be4.450: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll'
2580be4.450: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d9c pwszName=\Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll
2581be4.450: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2582be4.450: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2583be4.450: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89653ECBAFE897EEC142EE0D370C50064BFDE9AB
2584be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2585be4.450: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem33.cat'; file='\Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll'
2586be4.450: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
2587be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
2588be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2589be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2590be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll) WinVerifyTrust
2591be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll
2592be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2593be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2594be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2595be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2596be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2597be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2598be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
2599be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvoglshim64.dll (Input=nvoglshim64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2600be4.450: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll
2601be4.450: supR3HardenedDllNotificationCallback: load 00007fff03ea0000 LB 0x0002c000 C:\WINDOWS\system32\nvoglshim64.dll [fFlags=0x0]
2602be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvoglshim64.dll
2603be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ea0000 'C:\WINDOWS\system32\nvoglshim64.dll'
2604be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16120000 'C:\WINDOWS\system32\gdi32.dll'
2605be4.450: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Users\User\nvoglv64': 0 (NtPath=\??\C:\Users\User\nvoglv64; Input=C:\Users\User\nvoglv64; rcNtGetDll=0x0
2606be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\User\nvoglv64 (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2607be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Users\User\nvoglv64'
2608be4.450: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\nvoglv64': 0 (NtPath=\??\C:\WINDOWS\system32\nvoglv64; Input=C:\WINDOWS\system32\nvoglv64; rcNtGetDll=0x0
2609be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvoglv64 (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2610be4.450: \Device\HarddiskVolume4\Windows\System32\nvoglv64.dll: Owner is administrators group.
2611be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2612be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2613be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
2614be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2615be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
2616be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
2617be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
2618be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nvoglv64.dll)
2619be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nvoglv64.dll
2620be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2621be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll)
2622be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
2623be4.450: supR3HardenedDllNotificationCallback: load 00007fff15b10000 LB 0x001da000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
2624be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
2625be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2626be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2627be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)
2628be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2629be4.450: supR3HardenedDllNotificationCallback: load 00007fff137d0000 LB 0x00012000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
2630be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll [avoiding WinVerifyTrust]
2631be4.450: supR3HardenedDllNotificationCallback: load 0000000076a80000 LB 0x01576000 C:\WINDOWS\system32\nvoglv64.DLL [fFlags=0x0]
2632be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nvoglv64.dll [avoiding WinVerifyTrust]
2633be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'.
2634be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rescheduled]
2635be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll'.
2636be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rescheduled]
2637be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nvoglv64.dll'.
2638be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nvoglv64.dll' [rescheduled]
2639be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2640be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2641be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2642be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2643be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2644be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2645be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2646be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2647be4.450: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
2648be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2649be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2650be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2651be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2652be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
2653be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2654be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2655be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll [redoing WinVerifyTrust]
2656be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll'.
2657be4.450: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
2658be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2659be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2660be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
2661be4.450: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'.
2662be4.450: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2663be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2664be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2665be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2666be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2667be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2668be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2669be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2670be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2671be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2672be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16120000 'C:\WINDOWS\system32\gdi32.dll'
2673be4.450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2674be4.450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
2675be4.450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
2676be4.450: supR3HardenedDllNotificationCallback: load 00007fff142d0000 LB 0x00032000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2677be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2678be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076a80000 'C:\WINDOWS\system32\nvoglv64'
2679be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2680be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2681be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2682be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2683be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
2684be4.4050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2685be4.4050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
2686be4.4050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
2687be4.4050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
2688be4.4050: supR3HardenedDllNotificationCallback: load 00007fff14ef0000 LB 0x00046000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
2689be4.4050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
2690be4.4050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2691be4.4050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winsta.dll)
2692be4.4050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winsta.dll
2693be4.4050: supR3HardenedDllNotificationCallback: load 00007fff14dd0000 LB 0x0005a000 C:\WINDOWS\SYSTEM32\WINSTA.dll [fFlags=0x0]
2694be4.4050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winsta.dll [avoiding WinVerifyTrust]
2695be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2696be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2697be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2698be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2699be4.450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
2700be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2701be4.450: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2702be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2703be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2704be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winsta.dll'
2705be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2706be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2707be4.450: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
2708be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
2709be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2710be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\opengl32.dll'
2711be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
2712be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2713be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff13260000 'C:\WINDOWS\system32\dwmapi.dll'
2714be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
2715be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2716be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2717be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2718be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2719be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2720be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2721be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2722be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2723be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2724be4.450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
2725be4.450: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2726be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2727be4.450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2728be4.3d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2729be4.3d24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefde10000 'C:\WINDOWS\system32\OPENGL32.dll'
2730be4.4420: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2731be4.4420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2732be4.4420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2733be4.4420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2734be4.4420: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2735be4.4420: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2736be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2737be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2738be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2739be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2740be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2741be4.4420: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2742be4.4420: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2743be4.4420: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2744be4.4420: supR3HardenedDllNotificationCallback: load 00007fff0bae0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2745be4.4420: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2746be4.4420: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0bae0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2747be4.4584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2748be4.4584: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2749be4.4584: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2750be4.4584: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2751be4.4584: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2752be4.4584: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2753be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2754be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2755be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2756be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2757be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2758be4.4584: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2759be4.4584: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2760be4.4584: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2761be4.4584: supR3HardenedDllNotificationCallback: load 00007fff0ace0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2762be4.4584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2763be4.4584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0ace0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2764be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2765be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2766be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32/Shell32.dll'
2767be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2768be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2769be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8380000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2770be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2771be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2772be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2773be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2774be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2775be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2776be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2777be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2778be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2779be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2780be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2781be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2782be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2783be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2784be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2785be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2786be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2787be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2788be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2789be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2790be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff02050000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2791be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2792be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02050000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2793be4.3e88: supR3HardenedDllNotificationCallback: Unload 00007fff02050000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2794be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2795be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2796be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2797be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2798be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2799be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2800be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2801be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2802be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2803be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2804be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2805be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2806be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2807be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2808be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2809be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2810be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2811be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2812be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2813be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
2814be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2815be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2816be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2817be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2818be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2819be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2820be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2821be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2822be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2823be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
2824be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2825be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2826be4.3e88: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
2827be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2828be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2829be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
2830be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
2831be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2832be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2833be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2834be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2835be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2836be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2837be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2838be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2839be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2840be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2841be4.3e88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'
2842be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2843be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2844be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2845be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2846be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2847be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2848be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2849be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2850be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2851be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2852be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2853be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2854be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2855be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2856be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2857be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2858be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2859be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2860be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2861be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2862be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2863be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2864be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2865be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2866be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2867be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2868be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2869be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2870be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2871be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2872be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2873be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2874be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2875be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2876be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2877be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2878be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2879be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2880be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2881be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001044 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
2882be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2883be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2884be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
2885be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2886be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2887be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
2888be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2889be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2890be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2891be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2892be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2893be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2894be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2895be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2896be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll) WinVerifyTrust
2897be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
2898be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2899be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2900be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2901be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2902be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2903be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2904be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2905be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2906be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2907be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2908be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2909be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2910be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2911be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2912be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2913be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2914be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2915be4.3e88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
2916be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2917be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2918be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2919be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2920be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2921be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2922be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
2923be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2924be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2925be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2926be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2927be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2928be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2929be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2930be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2931be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2932be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2933be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2934be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2935be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2936be4.3e88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
2937be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
2938be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff02650000 LB 0x00016000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0]
2939be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2940be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff04b10000 LB 0x00056000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0]
2941be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
2942be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffefab50000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2943be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2944be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff02050000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2945be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2946be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff0fbe0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2947be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2948be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff0e220000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2949be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2950be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffeed2b0000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2951be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2952be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeed2b0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2953be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000109c pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
2954be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
2955be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
2956be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
2957be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2958be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2959be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2960be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2961be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2962be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2963be4.3e88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2964be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2965be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
2966be4.3e88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
2967be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2968be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2969be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2970be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2971be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff01260000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2972be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2973be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01260000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
2974be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2975be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2976be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2977be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeeeb10000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2978be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2979be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2980be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2981be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02050000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2982be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2983be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2984be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2985be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2986be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2987be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2988be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2989be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2990be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2991be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2992be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2993be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2994be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff046b0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2995be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2996be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff046b0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
2997be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2998be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
2999be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3000be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3001be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
3002be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3003be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3004be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3005be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3006be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3007be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3008be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3009be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff03ff0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
3010be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3011be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff03ff0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
3012be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3013be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3014be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3015be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3016be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
3017be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3018be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3019be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3020be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3021be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3022be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3023be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3024be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff02c70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3025be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3026be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff02c70000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
3027be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3028be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3029be4.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3030be4.4084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3031be4.4084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3032be4.4084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3033be4.4084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3034be4.4084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3035be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3036be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3037be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3038be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3039be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3040be4.4084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.4084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.4084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
be4.4084: supR3HardenedDllNotificationCallback: load 00007fff04380000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
be4.4084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
be4.4084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff04380000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffef14c0000 LB 0x000c4000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef14c0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff0e220000 'C:\WINDOWS\system32/Iphlpapi.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff0d7c0000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff0d990000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001160 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7A32ED884F605C3353300D1165178C01A252E7
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3e88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001154 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=852EBF87DB04C5286E131027705696EE75673482
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3e88: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f30 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff01070000 LB 0x0009d000 C:\WINDOWS\system32\dsound.dll [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01070000 'C:\WINDOWS\system32\dsound.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01070000 'C:\WINDOWS\system32/dsound.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff12960000 LB 0x00070000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12960000 'C:\WINDOWS\System32\MMDevApi.dll'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12960000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12530000 'C:\WINDOWS\system32\winmm.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001050 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff11080000 LB 0x00008000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff12e10000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffef80b0000 LB 0x0003e000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef80b0000 'C:\WINDOWS\system32\wdmaud.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef80b0000 'C:\WINDOWS\system32\wdmaud.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef80b0000 'C:\WINDOWS\system32\wdmaud.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef80b0000 'C:\WINDOWS\system32\wdmaud.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef80b0000 'C:\WINDOWS\system32\wdmaud.drv'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007fff07520000 LB 0x0007e000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff07520000 'C:\WINDOWS\system32\AUDIOSES.DLL'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffef8090000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffefa860000 LB 0x0000b000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3328be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3329be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3330be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3331be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3332be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3333be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3334be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3335be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3336be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3337be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffefa860000 'C:\WINDOWS\system32\msacm32.drv'
3338be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011f8 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
3339be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001325710
3340be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001325710
3341be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
3342be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3343be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15180000 'C:\WINDOWS\system32\crypt32.dll'
3344be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
3345be4.3e88: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3346be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3347be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3348be4.3e88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3349be4.3e88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
3350be4.3e88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
3351be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3352be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3353be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3354be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3355be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3356be4.3e88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3357be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3358be4.3e88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3359be4.3e88: supR3HardenedDllNotificationCallback: load 00007ffef8080000 LB 0x0000a000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
3360be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3361be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8080000 'C:\WINDOWS\system32\midimap.dll'
3362be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3363be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3364be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8080000 'C:\WINDOWS\system32\midimap.dll'
3365be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3366be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3367be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8080000 'C:\WINDOWS\system32\midimap.dll'
3368be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3369be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3370be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8080000 'C:\WINDOWS\system32\midimap.dll'
3371be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12530000 'C:\WINDOWS\system32\winmm.dll'
3372be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3373be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3374be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff01070000 'C:\WINDOWS\System32\dsound.dll'
3375be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12530000 'C:\WINDOWS\system32\winmm.dll'
3376be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff12530000 'C:\WINDOWS\system32\winmm.dll'
3377be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffef8380000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3378be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff143e0000 'C:\WINDOWS\system32\rsaenh.dll'
3379be4.3e88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3380be4.3e88: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3381be4.3e88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff15880000 'C:\WINDOWS\system32/kernel32.dll'
3382be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
3383be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
3384be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
3385be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
3386be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
3387be4.3cf0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff16340000 'C:\WINDOWS\system32\shell32.dll'
