VirtualBox

Ticket #15378: Windows Server 2008 R2-2021-07-11-10-23-32.log

File Windows Server 2008 R2-2021-07-11-10-23-32.log, 468.9 KB (added by Mark Cranness, 3 years ago)
Line 
1430.4300: Log file opened: 5.2.44r139111 g_hStartupLog=0000000000000108 g_uNtVerCombined=0xa04a6200
2430.4300: \SystemRoot\System32\ntdll.dll:
3430.4300: CreationTime: 2021-06-11T03:33:39.848648100Z
4430.4300: LastWriteTime: 2021-06-11T03:33:39.907711900Z
5430.4300: ChangeTime: 2021-06-20T00:37:19.542978400Z
6430.4300: FileAttributes: 0x20
7430.4300: Size: 0x1ee508
8430.4300: NT Headers: 0xe8
9430.4300: Timestamp: 0x7977b9de
10430.4300: Machine: 0x8664 - amd64
11430.4300: Timestamp: 0x7977b9de
12430.4300: Image Version: 10.0
13430.4300: SizeOfImage: 0x1f5000 (2052096)
14430.4300: Resource Dir: 0x184000 LB 0x6fdc8
15430.4300: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16430.4300: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17430.4300: ProductName: Microsoft® Windows® Operating System
18430.4300: ProductVersion: 10.0.19041.1023
19430.4300: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
20430.4300: FileDescription: NT Layer DLL
21430.4300: \SystemRoot\System32\kernel32.dll:
22430.4300: CreationTime: 2021-06-11T03:33:30.785150400Z
23430.4300: LastWriteTime: 2021-06-11T03:33:30.796862500Z
24430.4300: ChangeTime: 2021-06-20T00:37:14.528535900Z
25430.4300: FileAttributes: 0x20
26430.4300: Size: 0xbac20
27430.4300: NT Headers: 0xe8
28430.4300: Timestamp: 0x92f57b1a
29430.4300: Machine: 0x8664 - amd64
30430.4300: Timestamp: 0x92f57b1a
31430.4300: Image Version: 10.0
32430.4300: SizeOfImage: 0xbd000 (774144)
33430.4300: Resource Dir: 0xbb000 LB 0x520
34430.4300: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35430.4300: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36430.4300: ProductName: Microsoft® Windows® Operating System
37430.4300: ProductVersion: 10.0.19041.1023
38430.4300: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
39430.4300: FileDescription: Windows NT BASE API Client DLL
40430.4300: \SystemRoot\System32\KernelBase.dll:
41430.4300: CreationTime: 2021-06-11T03:33:40.710015300Z
42430.4300: LastWriteTime: 2021-06-11T03:33:40.767599100Z
43430.4300: ChangeTime: 2021-06-20T00:37:18.418243500Z
44430.4300: FileAttributes: 0x20
45430.4300: Size: 0x2c8b80
46430.4300: NT Headers: 0xf0
47430.4300: Timestamp: 0x924f9cdb
48430.4300: Machine: 0x8664 - amd64
49430.4300: Timestamp: 0x924f9cdb
50430.4300: Image Version: 10.0
51430.4300: SizeOfImage: 0x2c8000 (2916352)
52430.4300: Resource Dir: 0x29f000 LB 0x548
53430.4300: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54430.4300: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55430.4300: ProductName: Microsoft® Windows® Operating System
56430.4300: ProductVersion: 10.0.19041.1023
57430.4300: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
58430.4300: FileDescription: Windows NT BASE API Client DLL
59430.4300: \SystemRoot\System32\apisetschema.dll:
60430.4300: CreationTime: 2019-12-07T09:08:13.518339400Z
61430.4300: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62430.4300: ChangeTime: 2021-06-11T03:34:18.200140700Z
63430.4300: FileAttributes: 0x20
64430.4300: Size: 0x1f538
65430.4300: NT Headers: 0xd0
66430.4300: Timestamp: 0x31288ce0
67430.4300: Machine: 0x8664 - amd64
68430.4300: Timestamp: 0x31288ce0
69430.4300: Image Version: 10.0
70430.4300: SizeOfImage: 0x20000 (131072)
71430.4300: Resource Dir: 0x1f000 LB 0x408
72430.4300: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73430.4300: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74430.4300: ProductName: Microsoft® Windows® Operating System
75430.4300: ProductVersion: 10.0.19041.1
76430.4300: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77430.4300: FileDescription: ApiSet Schema DLL
78430.4300: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79430.4300: supR3HardenedWinFindAdversaries: 0x80
80430.4300: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
81430.4300: CreationTime: 2018-09-06T04:58:57.414771000Z
82430.4300: LastWriteTime: 2018-09-27T21:40:37.008033600Z
83430.4300: ChangeTime: 2020-08-14T10:22:40.597642100Z
84430.4300: FileAttributes: 0x20
85430.4300: Size: 0x3f520
86430.4300: NT Headers: 0xf8
87430.4300: Timestamp: 0x5b568210
88430.4300: Machine: 0x8664 - amd64
89430.4300: Timestamp: 0x5b568210
90430.4300: Image Version: 10.0
91430.4300: SizeOfImage: 0x41000 (266240)
92430.4300: Resource Dir: 0x3f000 LB 0x3b8
93430.4300: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94430.4300: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
95430.4300: ProductName: Malwarebytes SwissArmy
96430.4300: ProductVersion: 4.3.0.161
97430.4300: FileVersion: 4.3.0.161
98430.4300: FileDescription: Malwarebytes SwissArmy
99430.4300: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
100430.4300: Calling main()
101430.4300: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
102430.4300: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
103430.4300: SUPR3HardenedMain: Respawn #1
104430.4300: System32: \Device\HarddiskVolume4\Windows\System32
105430.4300: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
106430.4300: KnownDllPath: C:\WINDOWS\System32
107430.4300: supR3HardenedWinInit: Performing a limited self purification...
108430.4300: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
109430.4300: *0000000000000000-0000000000abffff 0x0001/0x0000 0x0000000
110430.4300: *0000000000ac0000-0000000000acffff 0x0004/0x0004 0x0040000
111430.4300: *0000000000ad0000-0000000000ad2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc.dll
112430.4300: 0000000000ad3000-0000000000adffff 0x0001/0x0000 0x0000000
113430.4300: *0000000000ae0000-0000000000afcfff 0x0002/0x0002 0x0040000
114430.4300: 0000000000afd000-0000000000afffff 0x0001/0x0000 0x0000000
115430.4300: *0000000000b00000-0000000000bb0fff 0x0000/0x0004 0x0020000
116430.4300: 0000000000bb1000-0000000000bb3fff 0x0104/0x0004 0x0020000
117430.4300: 0000000000bb4000-0000000000bfffff 0x0004/0x0004 0x0020000
118430.4300: *0000000000c00000-0000000000dbffff 0x0000/0x0004 0x0020000
119430.4300: 0000000000dc0000-0000000000dc2fff 0x0004/0x0004 0x0020000
120430.4300: 0000000000dc3000-0000000000dfffff 0x0000/0x0004 0x0020000
121430.4300: *0000000000e00000-0000000000e03fff 0x0002/0x0002 0x0040000
122430.4300: 0000000000e04000-0000000000e0ffff 0x0001/0x0000 0x0000000
123430.4300: *0000000000e10000-0000000000e11fff 0x0004/0x0004 0x0020000
124430.4300: 0000000000e12000-0000000000e1ffff 0x0001/0x0000 0x0000000
125430.4300: *0000000000e20000-0000000000ee8fff 0x0002/0x0002 0x0040000
126430.4300: 0000000000ee9000-0000000000eeffff 0x0001/0x0000 0x0000000
127430.4300: *0000000000ef0000-0000000000ef1fff 0x0004/0x0004 0x0020000
128430.4300: 0000000000ef2000-0000000000f21fff 0x0000/0x0004 0x0020000
129430.4300: 0000000000f22000-0000000000f2ffff 0x0001/0x0000 0x0000000
130430.4300: *0000000000f30000-0000000000f30fff 0x0002/0x0002 0x0040000
131430.4300: 0000000000f31000-0000000000f3ffff 0x0001/0x0000 0x0000000
132430.4300: *0000000000f40000-0000000000f40fff 0x0002/0x0002 0x0040000
133430.4300: 0000000000f41000-0000000000f4ffff 0x0001/0x0000 0x0000000
134430.4300: *0000000000f50000-0000000000f86fff 0x0004/0x0004 0x0020000
135430.4300: 0000000000f87000-000000000104ffff 0x0000/0x0004 0x0020000
136430.4300: *0000000001050000-0000000001050fff 0x0002/0x0002 0x0040000
137430.4300: 0000000001051000-000000000105ffff 0x0001/0x0000 0x0000000
138430.4300: *0000000001060000-0000000001060fff 0x0004/0x0004 0x0020000
139430.4300: 0000000001061000-0000000001091fff 0x0000/0x0004 0x0020000
140430.4300: 0000000001092000-000000000109ffff 0x0001/0x0000 0x0000000
141430.4300: *00000000010a0000-00000000010a3fff 0x0002/0x0002 0x0040000
142430.4300: 00000000010a4000-00000000010a7fff 0x0000/0x0002 0x0040000
143430.4300: 00000000010a8000-00000000010affff 0x0001/0x0000 0x0000000
144430.4300: *00000000010b0000-00000000010b1fff 0x0004/0x0004 0x0020000
145430.4300: 00000000010b2000-00000000010e1fff 0x0000/0x0004 0x0020000
146430.4300: 00000000010e2000-000000000119ffff 0x0001/0x0000 0x0000000
147430.4300: *00000000011a0000-00000000011a7fff 0x0004/0x0004 0x0020000
148430.4300: 00000000011a8000-00000000011affff 0x0000/0x0004 0x0020000
149430.4300: *00000000011b0000-000000000147efff 0x0002/0x0002 0x0040000
150430.4300: 000000000147f000-000000000147ffff 0x0001/0x0000 0x0000000
151430.4300: *0000000001480000-000000000148efff 0x0002/0x0002 0x0040000
152430.4300: 000000000148f000-000000000167ffff 0x0000/0x0002 0x0040000
153430.4300: *0000000001680000-0000000001800fff 0x0002/0x0002 0x0040000
154430.4300: 0000000001801000-000000000180ffff 0x0001/0x0000 0x0000000
155430.4300: *0000000001810000-0000000001890fff 0x0002/0x0002 0x0040000
156430.4300: 0000000001891000-0000000002c10fff 0x0000/0x0002 0x0040000
157430.4300: 0000000002c11000-0000000002c1ffff 0x0001/0x0000 0x0000000
158430.4300: *0000000002c20000-0000000002c3cfff 0x0004/0x0004 0x0020000
159430.4300: 0000000002c3d000-0000000002d1ffff 0x0000/0x0004 0x0020000
160430.4300: 0000000002d20000-0000000002e0ffff 0x0001/0x0000 0x0000000
161430.4300: *0000000002e10000-0000000002e1efff 0x0004/0x0004 0x0020000
162430.4300: 0000000002e1f000-0000000002e1ffff 0x0000/0x0004 0x0020000
163430.4300: *0000000002e20000-0000000002e2efff 0x0000/0x0004 0x0020000
164430.4300: 0000000002e2f000-0000000003024fff 0x0004/0x0004 0x0020000
165430.4300: 0000000003025000-0000000003025fff 0x0000/0x0004 0x0020000
166430.4300: 0000000003026000-000000007ffdffff 0x0001/0x0000 0x0000000
167430.4300: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
168430.4300: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
169430.4300: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
170430.4300: 000000007ffea000-00007ff4196fffff 0x0001/0x0000 0x0000000
171430.4300: *00007ff419700000-00007ff419704fff 0x0002/0x0002 0x0040000
172430.4300: 00007ff419705000-00007ff4197fffff 0x0000/0x0002 0x0040000
173430.4300: *00007ff419800000-00007ff51981ffff 0x0000/0x0004 0x0020000
174430.4300: *00007ff519820000-00007ff51b81ffff 0x0000/0x0004 0x0020000
175430.4300: 00007ff51b820000-00007ff51b820fff 0x0004/0x0004 0x0020000
176430.4300: 00007ff51b821000-00007ff51b82ffff 0x0001/0x0000 0x0000000
177430.4300: *00007ff51b830000-00007ff51b830fff 0x0002/0x0002 0x0040000
178430.4300: 00007ff51b831000-00007ff51b83ffff 0x0001/0x0000 0x0000000
179430.4300: *00007ff51b840000-00007ff51b862fff 0x0002/0x0002 0x0040000
180430.4300: 00007ff51b863000-00007ff76cafffff 0x0001/0x0000 0x0000000
181430.4300: *00007ff76cb00000-00007ff76cb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
182430.4300: 00007ff76cb01000-00007ff76cb72fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
183430.4300: 00007ff76cb73000-00007ff76cb73fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
184430.4300: 00007ff76cb74000-00007ff76cbbafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
185430.4300: 00007ff76cbbb000-00007ff76cbbdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
186430.4300: 00007ff76cbbe000-00007ff76cbc0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
187430.4300: 00007ff76cbc1000-00007ff76cbc3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
188430.4300: 00007ff76cbc4000-00007ff76cbc4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
189430.4300: 00007ff76cbc5000-00007ff76cbc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
190430.4300: 00007ff76cbc7000-00007ff76cbc7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
191430.4300: 00007ff76cbc8000-00007ff76cc0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
192430.4300: 00007ff76cc10000-00007fffa108ffff 0x0001/0x0000 0x0000000
193430.4300: *00007fffa1090000-00007fffa1090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
194430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa1090000 LB 0x1000 (base 00007fffa1090000) - 'AcLayers.dll'
195430.4300: 00007fffa1091000-00007fffa10bafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
196430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa1091000 LB 0x2a000 (base 00007fffa1090000) - 'AcLayers.dll'
197430.4300: 00007fffa10bb000-00007fffa10d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
198430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa10bb000 LB 0x1d000 (base 00007fffa1090000) - 'AcLayers.dll'
199430.4300: 00007fffa10d8000-00007fffa10d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
200430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa10d8000 LB 0x1000 (base 00007fffa1090000) - 'AcLayers.dll'
201430.4300: 00007fffa10d9000-00007fffa10dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
202430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa10d9000 LB 0x2000 (base 00007fffa1090000) - 'AcLayers.dll'
203430.4300: 00007fffa10db000-00007fffa10e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
204430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa10db000 LB 0x8000 (base 00007fffa1090000) - 'AcLayers.dll'
205430.4300: 00007fffa10e3000-00007fffa151dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
206430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa10e3000 LB 0x43b000 (base 00007fffa1090000) - 'AcLayers.dll'
207430.4300: 00007fffa151e000-00007fffa151ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
208430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa151e000 LB 0x2000 (base 00007fffa1090000) - 'AcLayers.dll'
209430.4300: 00007fffa1520000-00007fffa1523fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\AcLayers.dll
210430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffa1520000 LB 0x4000 (base 00007fffa1090000) - 'AcLayers.dll'
211430.4300: 00007fffa1524000-00007fffb637ffff 0x0001/0x0000 0x0000000
212430.4300: *00007fffb6380000-00007fffb6380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc_os.dll
213430.4300: 00007fffb6381000-00007fffb6387fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc_os.dll
214430.4300: 00007fffb6388000-00007fffb638cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc_os.dll
215430.4300: 00007fffb638d000-00007fffb638dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc_os.dll
216430.4300: 00007fffb638e000-00007fffb6391fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sfc_os.dll
217430.4300: 00007fffb6392000-00007fffb8c6ffff 0x0001/0x0000 0x0000000
218430.4300: *00007fffb8c70000-00007fffb8c70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winspool.drv
219430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffb8c70000 LB 0x1000 (base 00007fffb8c70000) - 'winspool.drv'
220430.4300: 00007fffb8c71000-00007fffb8cbffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winspool.drv
221430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffb8c71000 LB 0x4f000 (base 00007fffb8c70000) - 'winspool.drv'
222430.4300: 00007fffb8cc0000-00007fffb8cdefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winspool.drv
223430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffb8cc0000 LB 0x1f000 (base 00007fffb8c70000) - 'winspool.drv'
224430.4300: 00007fffb8cdf000-00007fffb8ce0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winspool.drv
225430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffb8cdf000 LB 0x2000 (base 00007fffb8c70000) - 'winspool.drv'
226430.4300: 00007fffb8ce1000-00007fffb8cfdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winspool.drv
227430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffb8ce1000 LB 0x1d000 (base 00007fffb8c70000) - 'winspool.drv'
228430.4300: 00007fffb8cfe000-00007fffcff8ffff 0x0001/0x0000 0x0000000
229430.4300: *00007fffcff90000-00007fffcff90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SortWindows61.dll
230430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffcff90000 LB 0x1000 (base 00007fffcff90000) - 'SortWindows61.dll'
231430.4300: 00007fffcff91000-00007fffcff9bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SortWindows61.dll
232430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffcff91000 LB 0xb000 (base 00007fffcff90000) - 'SortWindows61.dll'
233430.4300: 00007fffcff9c000-00007fffcff9cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SortWindows61.dll
234430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffcff9c000 LB 0x1000 (base 00007fffcff90000) - 'SortWindows61.dll'
235430.4300: 00007fffcff9d000-00007fffcff9dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SortWindows61.dll
236430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffcff9d000 LB 0x1000 (base 00007fffcff90000) - 'SortWindows61.dll'
237430.4300: 00007fffcff9e000-00007fffcffa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SortWindows61.dll
238430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffcff9e000 LB 0x3000 (base 00007fffcff90000) - 'SortWindows61.dll'
239430.4300: 00007fffcffa1000-00007fffd1cbffff 0x0001/0x0000 0x0000000
240430.4300: *00007fffd1cc0000-00007fffd1cc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
241430.4300: 00007fffd1cc1000-00007fffd1d0efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
242430.4300: 00007fffd1d0f000-00007fffd1d30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
243430.4300: 00007fffd1d31000-00007fffd1d33fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
244430.4300: 00007fffd1d34000-00007fffd1d4ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
245430.4300: 00007fffd1d50000-00007fffd430ffff 0x0001/0x0000 0x0000000
246430.4300: *00007fffd4310000-00007fffd4310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
247430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4310000 LB 0x1000 (base 00007fffd4310000) - 'win32u.dll'
248430.4300: 00007fffd4311000-00007fffd431bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
249430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4311000 LB 0xb000 (base 00007fffd4310000) - 'win32u.dll'
250430.4300: 00007fffd431c000-00007fffd432afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
251430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd431c000 LB 0xf000 (base 00007fffd4310000) - 'win32u.dll'
252430.4300: 00007fffd432b000-00007fffd432bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
253430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd432b000 LB 0x1000 (base 00007fffd4310000) - 'win32u.dll'
254430.4300: 00007fffd432c000-00007fffd4331fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
255430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd432c000 LB 0x6000 (base 00007fffd4310000) - 'win32u.dll'
256430.4300: 00007fffd4332000-00007fffd441ffff 0x0001/0x0000 0x0000000
257430.4300: *00007fffd4420000-00007fffd4420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
258430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4420000 LB 0x1000 (base 00007fffd4420000) - 'ucrtbase.dll'
259430.4300: 00007fffd4421000-00007fffd44d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
260430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4421000 LB 0xb4000 (base 00007fffd4420000) - 'ucrtbase.dll'
261430.4300: 00007fffd44d5000-00007fffd450efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
262430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd44d5000 LB 0x3a000 (base 00007fffd4420000) - 'ucrtbase.dll'
263430.4300: 00007fffd450f000-00007fffd4511fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
264430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd450f000 LB 0x3000 (base 00007fffd4420000) - 'ucrtbase.dll'
265430.4300: 00007fffd4512000-00007fffd451ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
266430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4512000 LB 0xe000 (base 00007fffd4420000) - 'ucrtbase.dll'
267430.4300: 00007fffd4520000-00007fffd45fffff 0x0001/0x0000 0x0000000
268430.4300: *00007fffd4600000-00007fffd4600fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
269430.4300: 00007fffd4601000-00007fffd4711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
270430.4300: 00007fffd4712000-00007fffd4889fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
271430.4300: 00007fffd488a000-00007fffd488dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
272430.4300: 00007fffd488e000-00007fffd488efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
273430.4300: 00007fffd488f000-00007fffd48c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
274430.4300: 00007fffd48c8000-00007fffd48cffff 0x0001/0x0000 0x0000000
275430.4300: *00007fffd48d0000-00007fffd48d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
276430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd48d0000 LB 0x1000 (base 00007fffd48d0000) - 'gdi32full.dll'
277430.4300: 00007fffd48d1000-00007fffd496cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
278430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd48d1000 LB 0x9c000 (base 00007fffd48d0000) - 'gdi32full.dll'
279430.4300: 00007fffd496d000-00007fffd49b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
280430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd496d000 LB 0x4d000 (base 00007fffd48d0000) - 'gdi32full.dll'
281430.4300: 00007fffd49ba000-00007fffd49bdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
282430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd49ba000 LB 0x4000 (base 00007fffd48d0000) - 'gdi32full.dll'
283430.4300: 00007fffd49be000-00007fffd49befff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
284430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd49be000 LB 0x1000 (base 00007fffd48d0000) - 'gdi32full.dll'
285430.4300: 00007fffd49bf000-00007fffd49dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
286430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd49bf000 LB 0x1c000 (base 00007fffd48d0000) - 'gdi32full.dll'
287430.4300: 00007fffd49db000-00007fffd49dffff 0x0001/0x0000 0x0000000
288430.4300: *00007fffd49e0000-00007fffd49e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
289430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd49e0000 LB 0x1000 (base 00007fffd49e0000) - 'msvcp_win.dll'
290430.4300: 00007fffd49e1000-00007fffd4a34fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
291430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd49e1000 LB 0x54000 (base 00007fffd49e0000) - 'msvcp_win.dll'
292430.4300: 00007fffd4a35000-00007fffd4a70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
293430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4a35000 LB 0x3c000 (base 00007fffd49e0000) - 'msvcp_win.dll'
294430.4300: 00007fffd4a71000-00007fffd4a71fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
295430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4a71000 LB 0x1000 (base 00007fffd49e0000) - 'msvcp_win.dll'
296430.4300: 00007fffd4a72000-00007fffd4a74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
297430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4a72000 LB 0x3000 (base 00007fffd49e0000) - 'msvcp_win.dll'
298430.4300: 00007fffd4a75000-00007fffd4a7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
299430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4a75000 LB 0x8000 (base 00007fffd49e0000) - 'msvcp_win.dll'
300430.4300: 00007fffd4a7d000-00007fffd4c4ffff 0x0001/0x0000 0x0000000
301430.4300: *00007fffd4c50000-00007fffd4c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
302430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c50000 LB 0x1000 (base 00007fffd4c50000) - 'gdi32.dll'
303430.4300: 00007fffd4c51000-00007fffd4c5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
304430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c51000 LB 0xe000 (base 00007fffd4c50000) - 'gdi32.dll'
305430.4300: 00007fffd4c5f000-00007fffd4c72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
306430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c5f000 LB 0x14000 (base 00007fffd4c50000) - 'gdi32.dll'
307430.4300: 00007fffd4c73000-00007fffd4c73fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
308430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c73000 LB 0x1000 (base 00007fffd4c50000) - 'gdi32.dll'
309430.4300: 00007fffd4c74000-00007fffd4c79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
310430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c74000 LB 0x6000 (base 00007fffd4c50000) - 'gdi32.dll'
311430.4300: 00007fffd4c7a000-00007fffd4c7ffff 0x0001/0x0000 0x0000000
312430.4300: *00007fffd4c80000-00007fffd4c80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
313430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c80000 LB 0x1000 (base 00007fffd4c80000) - 'msvcrt.dll'
314430.4300: 00007fffd4c81000-00007fffd4cf5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
315430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4c81000 LB 0x75000 (base 00007fffd4c80000) - 'msvcrt.dll'
316430.4300: 00007fffd4cf6000-00007fffd4d0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
317430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4cf6000 LB 0x19000 (base 00007fffd4c80000) - 'msvcrt.dll'
318430.4300: 00007fffd4d0f000-00007fffd4d10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
319430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d0f000 LB 0x2000 (base 00007fffd4c80000) - 'msvcrt.dll'
320430.4300: 00007fffd4d11000-00007fffd4d13fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
321430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d11000 LB 0x3000 (base 00007fffd4c80000) - 'msvcrt.dll'
322430.4300: 00007fffd4d14000-00007fffd4d15fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
323430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d14000 LB 0x2000 (base 00007fffd4c80000) - 'msvcrt.dll'
324430.4300: 00007fffd4d16000-00007fffd4d16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
325430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d16000 LB 0x1000 (base 00007fffd4c80000) - 'msvcrt.dll'
326430.4300: 00007fffd4d17000-00007fffd4d1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
327430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d17000 LB 0x7000 (base 00007fffd4c80000) - 'msvcrt.dll'
328430.4300: 00007fffd4d1e000-00007fffd4d1ffff 0x0001/0x0000 0x0000000
329430.4300: *00007fffd4d20000-00007fffd4d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
330430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d20000 LB 0x1000 (base 00007fffd4d20000) - 'advapi32.dll'
331430.4300: 00007fffd4d21000-00007fffd4d87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
332430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d21000 LB 0x67000 (base 00007fffd4d20000) - 'advapi32.dll'
333430.4300: 00007fffd4d88000-00007fffd4dbdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
334430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4d88000 LB 0x36000 (base 00007fffd4d20000) - 'advapi32.dll'
335430.4300: 00007fffd4dbe000-00007fffd4dbefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
336430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dbe000 LB 0x1000 (base 00007fffd4d20000) - 'advapi32.dll'
337430.4300: 00007fffd4dbf000-00007fffd4dbffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
338430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dbf000 LB 0x1000 (base 00007fffd4d20000) - 'advapi32.dll'
339430.4300: 00007fffd4dc0000-00007fffd4dc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
340430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dc0000 LB 0x2000 (base 00007fffd4d20000) - 'advapi32.dll'
341430.4300: 00007fffd4dc2000-00007fffd4dc2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
342430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dc2000 LB 0x1000 (base 00007fffd4d20000) - 'advapi32.dll'
343430.4300: 00007fffd4dc3000-00007fffd4dcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
344430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dc3000 LB 0x9000 (base 00007fffd4d20000) - 'advapi32.dll'
345430.4300: 00007fffd4dcc000-00007fffd4dcffff 0x0001/0x0000 0x0000000
346430.4300: *00007fffd4dd0000-00007fffd4dd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
347430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dd0000 LB 0x1000 (base 00007fffd4dd0000) - 'shlwapi.dll'
348430.4300: 00007fffd4dd1000-00007fffd4dfdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
349430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dd1000 LB 0x2d000 (base 00007fffd4dd0000) - 'shlwapi.dll'
350430.4300: 00007fffd4dfe000-00007fffd4e1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
351430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4dfe000 LB 0x20000 (base 00007fffd4dd0000) - 'shlwapi.dll'
352430.4300: 00007fffd4e1e000-00007fffd4e1efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
353430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4e1e000 LB 0x1000 (base 00007fffd4dd0000) - 'shlwapi.dll'
354430.4300: 00007fffd4e1f000-00007fffd4e24fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
355430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4e1f000 LB 0x6000 (base 00007fffd4dd0000) - 'shlwapi.dll'
356430.4300: 00007fffd4e25000-00007fffd4e2ffff 0x0001/0x0000 0x0000000
357430.4300: *00007fffd4e30000-00007fffd4e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
358430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4e30000 LB 0x1000 (base 00007fffd4e30000) - 'rpcrt4.dll'
359430.4300: 00007fffd4e31000-00007fffd4f17fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
360430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4e31000 LB 0xe7000 (base 00007fffd4e30000) - 'rpcrt4.dll'
361430.4300: 00007fffd4f18000-00007fffd4f43fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
362430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4f18000 LB 0x2c000 (base 00007fffd4e30000) - 'rpcrt4.dll'
363430.4300: 00007fffd4f44000-00007fffd4f45fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
364430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4f44000 LB 0x2000 (base 00007fffd4e30000) - 'rpcrt4.dll'
365430.4300: 00007fffd4f46000-00007fffd4f5afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
366430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd4f46000 LB 0x15000 (base 00007fffd4e30000) - 'rpcrt4.dll'
367430.4300: 00007fffd4f5b000-00007fffd54affff 0x0001/0x0000 0x0000000
368430.4300: *00007fffd54b0000-00007fffd54b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
369430.4300: 00007fffd54b1000-00007fffd5540fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
370430.4300: 00007fffd5541000-00007fffd5561fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
371430.4300: 00007fffd5562000-00007fffd5563fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
372430.4300: 00007fffd5564000-00007fffd564ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
373430.4300: 00007fffd5650000-00007fffd5a0ffff 0x0001/0x0000 0x0000000
374430.4300: *00007fffd5a10000-00007fffd5a10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
375430.4300: 00007fffd5a11000-00007fffd5a8efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
376430.4300: 00007fffd5a8f000-00007fffd5ac1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
377430.4300: 00007fffd5ac2000-00007fffd5ac2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
378430.4300: 00007fffd5ac3000-00007fffd5ac3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
379430.4300: 00007fffd5ac4000-00007fffd5accfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
380430.4300: 00007fffd5acd000-00007fffd675ffff 0x0001/0x0000 0x0000000
381430.4300: *00007fffd6760000-00007fffd6760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
382430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6760000 LB 0x1000 (base 00007fffd6760000) - 'sechost.dll'
383430.4300: 00007fffd6761000-00007fffd67c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
384430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6761000 LB 0x65000 (base 00007fffd6760000) - 'sechost.dll'
385430.4300: 00007fffd67c6000-00007fffd67ecfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
386430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd67c6000 LB 0x27000 (base 00007fffd6760000) - 'sechost.dll'
387430.4300: 00007fffd67ed000-00007fffd67edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
388430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd67ed000 LB 0x1000 (base 00007fffd6760000) - 'sechost.dll'
389430.4300: 00007fffd67ee000-00007fffd67eefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
390430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd67ee000 LB 0x1000 (base 00007fffd6760000) - 'sechost.dll'
391430.4300: 00007fffd67ef000-00007fffd67f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
392430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd67ef000 LB 0x2000 (base 00007fffd6760000) - 'sechost.dll'
393430.4300: 00007fffd67f1000-00007fffd67fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
394430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd67f1000 LB 0xa000 (base 00007fffd6760000) - 'sechost.dll'
395430.4300: 00007fffd67fb000-00007fffd67fffff 0x0001/0x0000 0x0000000
396430.4300: *00007fffd6800000-00007fffd6800fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
397430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6800000 LB 0x1000 (base 00007fffd6800000) - 'imm32.dll'
398430.4300: 00007fffd6801000-00007fffd681efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
399430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6801000 LB 0x1e000 (base 00007fffd6800000) - 'imm32.dll'
400430.4300: 00007fffd681f000-00007fffd6825fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
401430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd681f000 LB 0x7000 (base 00007fffd6800000) - 'imm32.dll'
402430.4300: 00007fffd6826000-00007fffd6826fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
403430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6826000 LB 0x1000 (base 00007fffd6800000) - 'imm32.dll'
404430.4300: 00007fffd6827000-00007fffd682ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
405430.4300: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fffd6827000 LB 0x9000 (base 00007fffd6800000) - 'imm32.dll'
406430.4300: 00007fffd6830000-00007fffd6bcffff 0x0001/0x0000 0x0000000
407430.4300: *00007fffd6bd0000-00007fffd6bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
408430.4300: 00007fffd6bd1000-00007fffd6cebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
409430.4300: 00007fffd6cec000-00007fffd6d33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
410430.4300: 00007fffd6d34000-00007fffd6d34fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
411430.4300: 00007fffd6d35000-00007fffd6d36fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
412430.4300: 00007fffd6d37000-00007fffd6d3ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
413430.4300: 00007fffd6d40000-00007fffd6dc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
414430.4300: 00007fffd6dc5000-00007ffffffeffff 0x0001/0x0000 0x0000000
415430.4300: kernel32.dll: timestamp 0x92f57b1a (rc=VINF_SUCCESS)
416430.4300: user32.dll: timestamp 0xefa6b327 (rc=VINF_SUCCESS)
417430.4300: kernelbase.dll: timestamp 0x924f9cdb (rc=VINF_SUCCESS)
418430.4300: apphelp.dll: timestamp 0xdc01baa3 (rc=VINF_SUCCESS)
419430.4300: sfc_os.dll: timestamp 0xad233a3d (rc=VINF_SUCCESS)
420430.4300: VirtualBox.exe: timestamp 0x5f075be6 (rc=VINF_SUCCESS)
421430.4300: sfc.dll: timestamp 0x41630881 (rc=VINF_SUCCESS)
422430.4300: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
423430.4300: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
424430.4300: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
425430.4300: 00007fffd5a913b0 / 0x00813b0: 60 != e0
426430.4300: 00007fffd5a913b1 / 0x00813b1: 47 != 73
427430.4300: 00007fffd5a913b2 / 0x00813b2: bf != 09
428430.4300: 00007fffd5a913b3 / 0x00813b3: d6 != a1
429430.4300: 00007fffd5a913e8 / 0x00813e8: 40 != 50
430430.4300: 00007fffd5a913e9 / 0x00813e9: 36 != 78
431430.4300: 00007fffd5a913ea / 0x00813ea: bf != 09
432430.4300: 00007fffd5a913eb / 0x00813eb: d6 != a1
433430.4300: 00007fffd5a91410 / 0x0081410: a0 != 50
434430.4300: 00007fffd5a91411 / 0x0081411: a9 != 71
435430.4300: 00007fffd5a91412 / 0x0081412: bf != 09
436430.4300: 00007fffd5a91413 / 0x0081413: d6 != a1
437430.4300: 00007fffd5a92780 / 0x0082780: 60 != c0
438430.4300: 00007fffd5a92781 / 0x0082781: 41 != 80
439430.4300: 00007fffd5a92782 / 0x0082782: bf != 09
440430.4300: 00007fffd5a92783 / 0x0082783: d6 != a1
441430.4300: 00007fffd5a929d0 / 0x00829d0: 80 != d0
442430.4300: 00007fffd5a929d1 / 0x00829d1: d9 != 73
443430.4300: 00007fffd5a929d2 / 0x00829d2: c2 != 09
444430.4300: 00007fffd5a929d3 / 0x00829d3: d6 != a1
445430.4300: 00007fffd5a92ae0 / 0x0082ae0: 30 != d0
446430.4300: 00007fffd5a92ae1 / 0x0082ae1: e4 != 80
447430.4300: 00007fffd5a92ae2 / 0x0082ae2: c2 != 09
448430.4300: 00007fffd5a92ae3 / 0x0082ae3: d6 != a1
449430.4300: 00007fffd5a92af0 / 0x0082af0: 90 != 40
450430.4300: 00007fffd5a92af1 / 0x0082af1: e3 != 78
451430.4300: 00007fffd5a92af2 / 0x0082af2: c2 != 09
452430.4300: 00007fffd5a92af3 / 0x0082af3: d6 != a1
453430.4300: 00007fffd5a92f10 / 0x0082f10: 40 != 50
454430.4300: 00007fffd5a92f11 / 0x0082f11: 36 != 78
455430.4300: 00007fffd5a92f12 / 0x0082f12: bf != 09
456430.4300: 00007fffd5a92f13 / 0x0082f13: d6 != a1
457430.4300: Restored 0x2000 bytes of original file content at 00007fffd5a91000
458430.4300: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
459430.4300: 00007fffd5a93178 / 0x0083178: 60 != e0
460430.4300: 00007fffd5a93179 / 0x0083179: 47 != 73
461430.4300: 00007fffd5a9317a / 0x008317a: bf != 09
462430.4300: 00007fffd5a9317b / 0x008317b: d6 != a1
463430.4300: 00007fffd5a931b0 / 0x00831b0: a0 != 50
464430.4300: 00007fffd5a931b1 / 0x00831b1: a9 != 71
465430.4300: 00007fffd5a931b2 / 0x00831b2: bf != 09
466430.4300: 00007fffd5a931b3 / 0x00831b3: d6 != a1
467430.4300: Restored 0x2000 bytes of original file content at 00007fffd5a93000
468430.4300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
469430.4300: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
470430.4300: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtMITSetInputDelegationMode' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
471430.4300: Error (rc=-5629):
472430.4300: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
473430.4300: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=2
474430.4300: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
475430.4300: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
476430.4300: supR3HardNtEnableThreadCreationEx:
477430.4300: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffd6c44b10 pvNtTerminateThread=00007fffd6c6d870
478430.4300: supR3HardenedWinDoReSpawn(1): New child 27ec.2e84 [kernel32].
479430.4300: supR3HardNtChildGatherData: PebBaseAddress=0000000000f88000 cbPeb=0x388
480430.4300: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffd6bd0000 uNtDllChildAddr=00007fffd6bd0000
481430.4300: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffd6c44b10
482430.4300: supR3HardenedWinSetupChildInit: Start child.
483430.4300: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
484430.4300: supR3HardNtChildPurify: Startup delay kludge #1/0: 525 ms, 33 sleeps
485430.4300: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
486430.4300: *0000000000000000-0000000000c4ffff 0x0001/0x0000 0x0000000
487430.4300: *0000000000c50000-0000000000c6ffff 0x0004/0x0004 0x0020000
488430.4300: *0000000000c70000-0000000000c8cfff 0x0002/0x0002 0x0040000
489430.4300: 0000000000c8d000-0000000000c8ffff 0x0001/0x0000 0x0000000
490430.4300: *0000000000c90000-0000000000d8afff 0x0000/0x0004 0x0020000
491430.4300: 0000000000d8b000-0000000000d8dfff 0x0104/0x0004 0x0020000
492430.4300: 0000000000d8e000-0000000000d8ffff 0x0004/0x0004 0x0020000
493430.4300: *0000000000d90000-0000000000d93fff 0x0002/0x0002 0x0040000
494430.4300: 0000000000d94000-0000000000d9ffff 0x0001/0x0000 0x0000000
495430.4300: *0000000000da0000-0000000000da1fff 0x0004/0x0004 0x0020000
496430.4300: 0000000000da2000-0000000000dfffff 0x0001/0x0000 0x0000000
497430.4300: *0000000000e00000-0000000000f87fff 0x0000/0x0004 0x0020000
498430.4300: 0000000000f88000-0000000000f8afff 0x0004/0x0004 0x0020000
499430.4300: 0000000000f8b000-0000000000ffffff 0x0000/0x0004 0x0020000
500430.4300: 0000000001000000-000000007ffdffff 0x0001/0x0000 0x0000000
501430.4300: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
502430.4300: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
503430.4300: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
504430.4300: 000000007ffea000-00007ff5975affff 0x0001/0x0000 0x0000000
505430.4300: *00007ff5975b0000-00007ff5975b0fff 0x0002/0x0002 0x0040000
506430.4300: 00007ff5975b1000-00007ff5975bffff 0x0001/0x0000 0x0000000
507430.4300: *00007ff5975c0000-00007ff5975e2fff 0x0002/0x0002 0x0040000
508430.4300: 00007ff5975e3000-00007ff76cafffff 0x0001/0x0000 0x0000000
509430.4300: *00007ff76cb00000-00007ff76cb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
510430.4300: 00007ff76cb01000-00007ff76cb72fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
511430.4300: 00007ff76cb73000-00007ff76cb73fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
512430.4300: 00007ff76cb74000-00007ff76cbbafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
513430.4300: 00007ff76cbbb000-00007ff76cbbbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
514430.4300: 00007ff76cbbc000-00007ff76cbbcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
515430.4300: 00007ff76cbbd000-00007ff76cbc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
516430.4300: 00007ff76cbc2000-00007ff76cbc2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
517430.4300: 00007ff76cbc3000-00007ff76cbc3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
518430.4300: 00007ff76cbc4000-00007ff76cbc7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
519430.4300: 00007ff76cbc8000-00007ff76cc0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
520430.4300: 00007ff76cc10000-00007fffd6bcffff 0x0001/0x0000 0x0000000
521430.4300: *00007fffd6bd0000-00007fffd6bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
522430.4300: 00007fffd6bd1000-00007fffd6cebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
523430.4300: 00007fffd6cec000-00007fffd6d33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
524430.4300: 00007fffd6d34000-00007fffd6d3ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
525430.4300: 00007fffd6d40000-00007fffd6d4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
526430.4300: 00007fffd6d4f000-00007fffd6d4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
527430.4300: 00007fffd6d50000-00007fffd6d52fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
528430.4300: 00007fffd6d53000-00007fffd6dc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
529430.4300: 00007fffd6dc5000-00007ffffffeffff 0x0001/0x0000 0x0000000
530430.4300: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0).
53127ec.2e84: Log file opened: 5.2.44r139111 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
53227ec.2e84: supR3HardenedVmProcessInit: uNtDllAddr=00007fffd6bd0000 g_uNtVerCombined=0xa04a6200
53327ec.2e84: ntdll.dll: timestamp 0x7977b9de (rc=VINF_SUCCESS)
53427ec.2e84: New simple heap: #1 0000000001100000 LB 0x400000 (for 2052096 allocation)
535430.4300: supR3HardNtEnableThreadCreationEx:
53627ec.2e84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
53727ec.2e84: System32: \Device\HarddiskVolume4\Windows\System32
53827ec.2e84: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
53927ec.2e84: KnownDllPath: C:\WINDOWS\System32
54027ec.2e84: supR3HardenedVmProcessInit: Opening vboxdrv stub...
54127ec.2e84: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
54227ec.2e84: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
54327ec.2e84: Registered Dll notification callback with NTDLL.
54427ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
54527ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
54627ec.2e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
54727ec.2e84: supR3HardenedDllNotificationCallback: load 00007fffd4600000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
54827ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
54927ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
55027ec.2e84: supR3HardenedDllNotificationCallback: load 00007fffd5a10000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
55127ec.2e84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
55227ec.2e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\KERNEL32.DLL'
55327ec.2e84: supR3HardenedDllNotificationCallback: load 00007ff76cb00000 LB 0x00110000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
55427ec.2e84: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
55527ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
55627ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
55727ec.2e84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffd6c44b10 pvNtTerminateThread=00007fffd6c6d870
558430.4300: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 56 ms.
55927ec.2e84: \SystemRoot\System32\ntdll.dll:
56027ec.2e84: CreationTime: 2021-06-11T03:33:39.848648100Z
56127ec.2e84: LastWriteTime: 2021-06-11T03:33:39.907711900Z
56227ec.2e84: ChangeTime: 2021-06-20T00:37:19.542978400Z
56327ec.2e84: FileAttributes: 0x20
56427ec.2e84: Size: 0x1ee508
56527ec.2e84: NT Headers: 0xe8
56627ec.2e84: Timestamp: 0x7977b9de
56727ec.2e84: Machine: 0x8664 - amd64
56827ec.2e84: Timestamp: 0x7977b9de
56927ec.2e84: Image Version: 10.0
57027ec.2e84: SizeOfImage: 0x1f5000 (2052096)
57127ec.2e84: Resource Dir: 0x184000 LB 0x6fdc8
57227ec.2e84: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
57327ec.2e84: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
57427ec.2e84: ProductName: Microsoft® Windows® Operating System
57527ec.2e84: ProductVersion: 10.0.19041.1023
57627ec.2e84: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
57727ec.2e84: FileDescription: NT Layer DLL
57827ec.2e84: \SystemRoot\System32\kernel32.dll:
57927ec.2e84: CreationTime: 2021-06-11T03:33:30.785150400Z
58027ec.2e84: LastWriteTime: 2021-06-11T03:33:30.796862500Z
58127ec.2e84: ChangeTime: 2021-06-20T00:37:14.528535900Z
58227ec.2e84: FileAttributes: 0x20
58327ec.2e84: Size: 0xbac20
58427ec.2e84: NT Headers: 0xe8
58527ec.2e84: Timestamp: 0x92f57b1a
58627ec.2e84: Machine: 0x8664 - amd64
58727ec.2e84: Timestamp: 0x92f57b1a
58827ec.2e84: Image Version: 10.0
58927ec.2e84: SizeOfImage: 0xbd000 (774144)
59027ec.2e84: Resource Dir: 0xbb000 LB 0x520
59127ec.2e84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
59227ec.2e84: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
59327ec.2e84: ProductName: Microsoft® Windows® Operating System
59427ec.2e84: ProductVersion: 10.0.19041.1023
59527ec.2e84: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
59627ec.2e84: FileDescription: Windows NT BASE API Client DLL
59727ec.2e84: \SystemRoot\System32\KernelBase.dll:
59827ec.2e84: CreationTime: 2021-06-11T03:33:40.710015300Z
59927ec.2e84: LastWriteTime: 2021-06-11T03:33:40.767599100Z
60027ec.2e84: ChangeTime: 2021-06-20T00:37:18.418243500Z
60127ec.2e84: FileAttributes: 0x20
60227ec.2e84: Size: 0x2c8b80
60327ec.2e84: NT Headers: 0xf0
60427ec.2e84: Timestamp: 0x924f9cdb
60527ec.2e84: Machine: 0x8664 - amd64
60627ec.2e84: Timestamp: 0x924f9cdb
60727ec.2e84: Image Version: 10.0
60827ec.2e84: SizeOfImage: 0x2c8000 (2916352)
60927ec.2e84: Resource Dir: 0x29f000 LB 0x548
61027ec.2e84: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
61127ec.2e84: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
61227ec.2e84: ProductName: Microsoft® Windows® Operating System
61327ec.2e84: ProductVersion: 10.0.19041.1023
61427ec.2e84: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
61527ec.2e84: FileDescription: Windows NT BASE API Client DLL
61627ec.2e84: \SystemRoot\System32\apisetschema.dll:
61727ec.2e84: CreationTime: 2019-12-07T09:08:13.518339400Z
61827ec.2e84: LastWriteTime: 2019-12-07T09:08:13.518339400Z
61927ec.2e84: ChangeTime: 2021-06-11T03:34:18.200140700Z
62027ec.2e84: FileAttributes: 0x20
62127ec.2e84: Size: 0x1f538
62227ec.2e84: NT Headers: 0xd0
62327ec.2e84: Timestamp: 0x31288ce0
62427ec.2e84: Machine: 0x8664 - amd64
62527ec.2e84: Timestamp: 0x31288ce0
62627ec.2e84: Image Version: 10.0
62727ec.2e84: SizeOfImage: 0x20000 (131072)
62827ec.2e84: Resource Dir: 0x1f000 LB 0x408
62927ec.2e84: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
63027ec.2e84: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
63127ec.2e84: ProductName: Microsoft® Windows® Operating System
63227ec.2e84: ProductVersion: 10.0.19041.1
63327ec.2e84: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
63427ec.2e84: FileDescription: ApiSet Schema DLL
63527ec.2e84: NtOpenDirectoryObject failed on \Driver: 0xc0000022
63627ec.2e84: supR3HardenedWinFindAdversaries: 0x80
63727ec.2e84: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
63827ec.2e84: CreationTime: 2018-09-06T04:58:57.414771000Z
63927ec.2e84: LastWriteTime: 2018-09-27T21:40:37.008033600Z
64027ec.2e84: ChangeTime: 2020-08-14T10:22:40.597642100Z
64127ec.2e84: FileAttributes: 0x20
64227ec.2e84: Size: 0x3f520
64327ec.2e84: NT Headers: 0xf8
64427ec.2e84: Timestamp: 0x5b568210
64527ec.2e84: Machine: 0x8664 - amd64
64627ec.2e84: Timestamp: 0x5b568210
64727ec.2e84: Image Version: 10.0
64827ec.2e84: SizeOfImage: 0x41000 (266240)
64927ec.2e84: Resource Dir: 0x3f000 LB 0x3b8
65027ec.2e84: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
65127ec.2e84: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
65227ec.2e84: ProductName: Malwarebytes SwissArmy
65327ec.2e84: ProductVersion: 4.3.0.161
65427ec.2e84: FileVersion: 4.3.0.161
65527ec.2e84: FileDescription: Malwarebytes SwissArmy
65627ec.2e84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
65727ec.2e84: Calling main()
65827ec.2e84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
65927ec.2e84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
66027ec.2e84: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
66127ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
66227ec.2e84: SUPR3HardenedMain: Respawn #2
66327ec.2e84: supR3HardNtEnableThreadCreationEx:
66427ec.2e84: supR3HardenedDllNotificationCallback: load 00007fffd4e30000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
66527ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
66627ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
66727ec.2e84: supR3HardenedDllNotificationCallback: load 00007fffd6760000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
66827ec.2e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
66927ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
67027ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
67127ec.2e84: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
67227ec.2e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
67327ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
67427ec.2e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
67527ec.2e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
67627ec.2e84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
67727ec.2e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
67827ec.2e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6bd0000 'C:\WINDOWS\System32\ntdll.dll'
67927ec.2e84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
68027ec.2e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
68127ec.2e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
68227ec.2e84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
68327ec.2e84: supR3HardenedDllNotificationCallback: load 00007fffd1cc0000 LB 0x00090000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
68427ec.2e84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
68527ec.2e84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
68627ec.2e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
68727ec.2e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6bd0000 'C:\WINDOWS\System32\ntdll.dll'
68827ec.2e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd1cc0000 'C:\WINDOWS\system32\apphelp.dll'
68927ec.2e84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffd6c44b10 pvNtTerminateThread=00007fffd6c6d870
69027ec.2e84: supR3HardenedWinDoReSpawn(2): New child 23b0.38f8 [kernel32].
69127ec.2e84: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
69227ec.2e84: supR3HardNtChildGatherData: PebBaseAddress=00000000008fb000 cbPeb=0x388
69327ec.2e84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fffd6bd0000 uNtDllChildAddr=00007fffd6bd0000
69427ec.2e84: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fffd6c44b10
69527ec.2e84: supR3HardenedWinSetupChildInit: Start child.
69627ec.2e84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
69727ec.2e84: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 33 sleeps
69827ec.2e84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
69927ec.2e84: *0000000000000000-000000000079ffff 0x0001/0x0000 0x0000000
70027ec.2e84: *00000000007a0000-00000000007bffff 0x0004/0x0004 0x0020000
70127ec.2e84: *00000000007c0000-00000000007dcfff 0x0002/0x0002 0x0040000
70227ec.2e84: 00000000007dd000-00000000007dffff 0x0001/0x0000 0x0000000
70327ec.2e84: *00000000007e0000-00000000007e3fff 0x0002/0x0002 0x0040000
70427ec.2e84: 00000000007e4000-00000000007effff 0x0001/0x0000 0x0000000
70527ec.2e84: *00000000007f0000-00000000007f1fff 0x0004/0x0004 0x0020000
70627ec.2e84: 00000000007f2000-00000000007fffff 0x0001/0x0000 0x0000000
70727ec.2e84: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
70827ec.2e84: 00000000008fb000-00000000008fdfff 0x0004/0x0004 0x0020000
70927ec.2e84: 00000000008fe000-00000000009fffff 0x0000/0x0004 0x0020000
71027ec.2e84: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
71127ec.2e84: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
71227ec.2e84: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
71327ec.2e84: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
71427ec.2e84: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
71527ec.2e84: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
71627ec.2e84: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
71727ec.2e84: 000000007ffea000-00007ff5ed52ffff 0x0001/0x0000 0x0000000
71827ec.2e84: *00007ff5ed530000-00007ff5ed530fff 0x0002/0x0002 0x0040000
71927ec.2e84: 00007ff5ed531000-00007ff5ed53ffff 0x0001/0x0000 0x0000000
72027ec.2e84: *00007ff5ed540000-00007ff5ed562fff 0x0002/0x0002 0x0040000
72127ec.2e84: 00007ff5ed563000-00007ff76cafffff 0x0001/0x0000 0x0000000
72227ec.2e84: *00007ff76cb00000-00007ff76cb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72327ec.2e84: 00007ff76cb01000-00007ff76cb72fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72427ec.2e84: 00007ff76cb73000-00007ff76cb73fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72527ec.2e84: 00007ff76cb74000-00007ff76cbbafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72627ec.2e84: 00007ff76cbbb000-00007ff76cbbbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72727ec.2e84: 00007ff76cbbc000-00007ff76cbbcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72827ec.2e84: 00007ff76cbbd000-00007ff76cbc1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
72927ec.2e84: 00007ff76cbc2000-00007ff76cbc2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
73027ec.2e84: 00007ff76cbc3000-00007ff76cbc3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
73127ec.2e84: 00007ff76cbc4000-00007ff76cbc7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
73227ec.2e84: 00007ff76cbc8000-00007ff76cc0ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
73327ec.2e84: 00007ff76cc10000-00007fffd6bcffff 0x0001/0x0000 0x0000000
73427ec.2e84: *00007fffd6bd0000-00007fffd6bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73527ec.2e84: 00007fffd6bd1000-00007fffd6cebfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73627ec.2e84: 00007fffd6cec000-00007fffd6d33fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73727ec.2e84: 00007fffd6d34000-00007fffd6d3ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73827ec.2e84: 00007fffd6d40000-00007fffd6d4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73927ec.2e84: 00007fffd6d4f000-00007fffd6d4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74027ec.2e84: 00007fffd6d50000-00007fffd6d52fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74127ec.2e84: 00007fffd6d53000-00007fffd6dc4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74227ec.2e84: 00007fffd6dc5000-00007ffffffeffff 0x0001/0x0000 0x0000000
74327ec.2e84: VirtualBox.exe: timestamp 0x5f075be6 (rc=VINF_SUCCESS)
74427ec.2e84: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
74527ec.2e84: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
74627ec.2e84: supR3HardNtChildPurify: Done after 539 ms and 0 fixes (loop #0).
74723b0.38f8: Log file opened: 5.2.44r139111 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6200
74823b0.38f8: supR3HardenedVmProcessInit: uNtDllAddr=00007fffd6bd0000 g_uNtVerCombined=0xa04a6200
74927ec.2e84: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001100000 LB 0x400000)
75027ec.2e84: supR3HardNtEnableThreadCreationEx:
75123b0.38f8: ntdll.dll: timestamp 0x7977b9de (rc=VINF_SUCCESS)
75223b0.38f8: New simple heap: #1 0000000000c00000 LB 0x400000 (for 2052096 allocation)
75323b0.38f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
75423b0.38f8: System32: \Device\HarddiskVolume4\Windows\System32
75523b0.38f8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
75623b0.38f8: KnownDllPath: C:\WINDOWS\System32
75723b0.38f8: supR3HardenedVmProcessInit: Opening vboxdrv...
75823b0.38f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
75923b0.38f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
76023b0.38f8: Registered Dll notification callback with NTDLL.
76123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
76223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
76323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
76423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4600000 LB 0x002c8000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
76523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
76623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
76723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5a10000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
76823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
76923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\KERNEL32.DLL'
77023b0.38f8: supR3HardenedDllNotificationCallback: load 00007ff76cb00000 LB 0x00110000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
77123b0.38f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
77223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
77323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
77423b0.38f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fffd6c44b10 pvNtTerminateThread=00007fffd6c6d870
77527ec.2e84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms.
77623b0.38f8: \SystemRoot\System32\ntdll.dll:
77723b0.38f8: CreationTime: 2021-06-11T03:33:39.848648100Z
77823b0.38f8: LastWriteTime: 2021-06-11T03:33:39.907711900Z
77923b0.38f8: ChangeTime: 2021-06-20T00:37:19.542978400Z
78023b0.38f8: FileAttributes: 0x20
78123b0.38f8: Size: 0x1ee508
78223b0.38f8: NT Headers: 0xe8
78323b0.38f8: Timestamp: 0x7977b9de
78423b0.38f8: Machine: 0x8664 - amd64
78523b0.38f8: Timestamp: 0x7977b9de
78623b0.38f8: Image Version: 10.0
78723b0.38f8: SizeOfImage: 0x1f5000 (2052096)
78823b0.38f8: Resource Dir: 0x184000 LB 0x6fdc8
78923b0.38f8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
79023b0.38f8: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
79123b0.38f8: ProductName: Microsoft® Windows® Operating System
79223b0.38f8: ProductVersion: 10.0.19041.1023
79323b0.38f8: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
79423b0.38f8: FileDescription: NT Layer DLL
79523b0.38f8: \SystemRoot\System32\kernel32.dll:
79623b0.38f8: CreationTime: 2021-06-11T03:33:30.785150400Z
79723b0.38f8: LastWriteTime: 2021-06-11T03:33:30.796862500Z
79823b0.38f8: ChangeTime: 2021-06-20T00:37:14.528535900Z
79923b0.38f8: FileAttributes: 0x20
80023b0.38f8: Size: 0xbac20
80123b0.38f8: NT Headers: 0xe8
80223b0.38f8: Timestamp: 0x92f57b1a
80323b0.38f8: Machine: 0x8664 - amd64
80423b0.38f8: Timestamp: 0x92f57b1a
80523b0.38f8: Image Version: 10.0
80623b0.38f8: SizeOfImage: 0xbd000 (774144)
80723b0.38f8: Resource Dir: 0xbb000 LB 0x520
80823b0.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
80923b0.38f8: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
81023b0.38f8: ProductName: Microsoft® Windows® Operating System
81123b0.38f8: ProductVersion: 10.0.19041.1023
81223b0.38f8: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
81323b0.38f8: FileDescription: Windows NT BASE API Client DLL
81423b0.38f8: \SystemRoot\System32\KernelBase.dll:
81523b0.38f8: CreationTime: 2021-06-11T03:33:40.710015300Z
81623b0.38f8: LastWriteTime: 2021-06-11T03:33:40.767599100Z
81723b0.38f8: ChangeTime: 2021-06-20T00:37:18.418243500Z
81823b0.38f8: FileAttributes: 0x20
81923b0.38f8: Size: 0x2c8b80
82023b0.38f8: NT Headers: 0xf0
82123b0.38f8: Timestamp: 0x924f9cdb
82223b0.38f8: Machine: 0x8664 - amd64
82323b0.38f8: Timestamp: 0x924f9cdb
82423b0.38f8: Image Version: 10.0
82523b0.38f8: SizeOfImage: 0x2c8000 (2916352)
82623b0.38f8: Resource Dir: 0x29f000 LB 0x548
82723b0.38f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
82823b0.38f8: [Raw version resource data: 0x29f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
82923b0.38f8: ProductName: Microsoft® Windows® Operating System
83023b0.38f8: ProductVersion: 10.0.19041.1023
83123b0.38f8: FileVersion: 10.0.19041.1023 (WinBuild.160101.0800)
83223b0.38f8: FileDescription: Windows NT BASE API Client DLL
83323b0.38f8: \SystemRoot\System32\apisetschema.dll:
83423b0.38f8: CreationTime: 2019-12-07T09:08:13.518339400Z
83523b0.38f8: LastWriteTime: 2019-12-07T09:08:13.518339400Z
83623b0.38f8: ChangeTime: 2021-06-11T03:34:18.200140700Z
83723b0.38f8: FileAttributes: 0x20
83823b0.38f8: Size: 0x1f538
83923b0.38f8: NT Headers: 0xd0
84023b0.38f8: Timestamp: 0x31288ce0
84123b0.38f8: Machine: 0x8664 - amd64
84223b0.38f8: Timestamp: 0x31288ce0
84323b0.38f8: Image Version: 10.0
84423b0.38f8: SizeOfImage: 0x20000 (131072)
84523b0.38f8: Resource Dir: 0x1f000 LB 0x408
84623b0.38f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
84723b0.38f8: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
84823b0.38f8: ProductName: Microsoft® Windows® Operating System
84923b0.38f8: ProductVersion: 10.0.19041.1
85023b0.38f8: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
85123b0.38f8: FileDescription: ApiSet Schema DLL
85223b0.38f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
85323b0.38f8: supR3HardenedWinFindAdversaries: 0x80
85423b0.38f8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
85523b0.38f8: CreationTime: 2018-09-06T04:58:57.414771000Z
85623b0.38f8: LastWriteTime: 2018-09-27T21:40:37.008033600Z
85723b0.38f8: ChangeTime: 2020-08-14T10:22:40.597642100Z
85823b0.38f8: FileAttributes: 0x20
85923b0.38f8: Size: 0x3f520
86023b0.38f8: NT Headers: 0xf8
86123b0.38f8: Timestamp: 0x5b568210
86223b0.38f8: Machine: 0x8664 - amd64
86323b0.38f8: Timestamp: 0x5b568210
86423b0.38f8: Image Version: 10.0
86523b0.38f8: SizeOfImage: 0x41000 (266240)
86623b0.38f8: Resource Dir: 0x3f000 LB 0x3b8
86723b0.38f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
86823b0.38f8: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
86923b0.38f8: ProductName: Malwarebytes SwissArmy
87023b0.38f8: ProductVersion: 4.3.0.161
87123b0.38f8: FileVersion: 4.3.0.161
87223b0.38f8: FileDescription: Malwarebytes SwissArmy
87323b0.38f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
87423b0.38f8: Calling main()
87523b0.38f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
87623b0.38f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
87723b0.38f8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
87823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
87923b0.38f8: SUPR3HardenedMain: Final process, opening VBoxDrv...
88023b0.38f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
88123b0.38f8: supR3HardNtEnableThreadCreationEx:
88223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
88323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
88423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
88523b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
88623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd0010000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
88723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
88823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
88923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
89023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd0010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
89123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
89223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
89323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd0010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
89423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd0010000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
89523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
89623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
89723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
89823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
89923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
90023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
90123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
90223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
90323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
90423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
90523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
90623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
90723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
90823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4c80000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
90923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
91023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4e30000 LB 0x0012b000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
91123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
91223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4a80000 LB 0x00060000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
91323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
91423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4420000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
91523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
91623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
91723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4ae0000 LB 0x0015f000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
91823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
91923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
92023b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
92123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
92223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-synch-l1-2-0'
92323b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
92423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
92523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-fibers-l1-1-1'
92623b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
92723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
92823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-fibers-l1-1-1'
92923b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
93023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
93123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-synch-l1-2-0'
93223b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
93323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
93423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-localization-l1-2-1'
93523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
93623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
93723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3f00000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
93823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
93923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4a80000 'C:\WINDOWS\system32\Wintrust.dll'
94023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
94123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
94223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
94323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd45d0000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
94423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
94523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd45d0000 'C:\WINDOWS\system32\bcrypt.dll'
94623b0.38f8: bcrypt.dll loaded at 00007fffd45d0000, BCryptOpenAlgorithmProvider at 00007fffd45d51e0, preloading providers:
94723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
94823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
94923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4390000 LB 0x00083000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
95123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
95223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4390000 'C:\WINDOWS\system32\bcryptprimitives.dll'
95323b0.38f8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000105d990)
95423b0.38f8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010603c0)
95523b0.38f8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010606e0)
95623b0.38f8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000001061210)
95723b0.38f8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000001061530)
95823b0.38f8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001061850)
95923b0.38f8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001061b70)
96023b0.38f8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001061e90)
96123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
96223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
96323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3cc0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
96423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
96523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
96623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
96723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
96823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
96923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
97023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
97123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
97223b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
97323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3420000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
97423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
97523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
97623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
97723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
97823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3ce0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
97923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
98023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
98123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\kernel32.dll'
98323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
98423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
98523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4a80000 'C:\WINDOWS\System32\WINTRUST.DLL'
98623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
98723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
98823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\CRYPT32.dll'
98923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5490000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
99023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
99123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
99223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
99323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
99423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
99523b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd6760000 LB 0x0009b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
99623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
99723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
99823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
99923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
100023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
100123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
100223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
100323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd2c20000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
100423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
100523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
100623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
100723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4250000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
100823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
100923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
101023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
101123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
101223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
101323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
101423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
101523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
101623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
101723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
101823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
101923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
102023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
102123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
102223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
102323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
102423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
102523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
102623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
102723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
102823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102923b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
103023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffcc1a0000 LB 0x00031000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
103123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
103223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
103323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
103423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
103523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
103623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
103723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
103823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
103923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
104023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
104123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
104223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
104323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
104423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
104523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
104623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
104723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
104823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
104923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
105023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
105223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
105423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
105623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
105823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
106023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\WINDOWS\System32\cryptnet.dll'
106123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
106223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc1a0000 'C:\Windows\System32\cryptnet.dll'
106323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4d20000 LB 0x000ac000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
106423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
106523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
106623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
106723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
106823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
106923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
107023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
107123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
107223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
107323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
107423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
107523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
107623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
107723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
107823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
107923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
108123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
108223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
108423b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
108523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001104820
108623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
108723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3A05CDDCEF419AF85D3B3359BC08EE32925F425
108823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
108923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4e30000 'C:\WINDOWS\System32\rpcrt4.dll'
109123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
109223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
109423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
109523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
109623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
109723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\SystemRoot\System32\ntdll.dll'
109823b0.38f8: g_pfnWinVerifyTrust=00007fffd4a81da0
109923b0.38f8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
110023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
110123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
110223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
110323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
110423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
110523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
110623b0.38f8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
110723b0.38f8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
110823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
110923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
111023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
111123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
111223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
111323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
111423b0.38f8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
111523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
111623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
111723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
111823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
111923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
112123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
112223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
112323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
112423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
112523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
112623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
112723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
112823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
112923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
113023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
113123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
113223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
113323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
113423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
113523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
113623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
113723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
113823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
113923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
114023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
114123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
114223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
114323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
114423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
114523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
114623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
114723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
114823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
114923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
115023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
115123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
115223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
115323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
115423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
115523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
115623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
115723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
115823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
115923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
116023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
116123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
116223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
116323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
116423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
116523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
116623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
116723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
116823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
116923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
117023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
117123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
117223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
117323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
117423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
117523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
117623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
117723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
117823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
117923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
118023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
118123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
118223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
118323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
118423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
118523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\system32\crypt32.dll'
118623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
118723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
118823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
118923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
119023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
119123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
119223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
119323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
119423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
119523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
119623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
119723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
119823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
119923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
120023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
120123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
120223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
120323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
120423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
120523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
120623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
120723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
120823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
120923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
121023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
121123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
121223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
121323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
121423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
121523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
121623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
121723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
121823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
121923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
122023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
122123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
122223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
122323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
122423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
122523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
122623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
122723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
122823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
122923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
123023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
123123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
123223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
123323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
123423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
123523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
123623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
123723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
123823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
123923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
124023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
124123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
124223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
124323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
124423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
124523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
124623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
124723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
124823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
124923b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
125023b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
125123b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
125223b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
125323b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
125423b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
125523b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
125623b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
125723b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
125823b0.38f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
125923b0.38f8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=73
126023b0.38f8: SUPR3HardenedMain: Load Runtime...
126123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
126223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
126323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
126423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
126523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
126623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
126723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
126823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
126923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
127023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
127123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
127223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
127323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
127423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
127523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
127623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
127723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
127823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
127923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
128023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
128123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
128223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
128323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
128423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
128523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
128623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
128723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
128823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
128923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
129023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
129123b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
129223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
129323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
129423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
129523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
129623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
129723b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
129823b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
129923b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130023b0.38f8: supR3HardenedDllNotificationCallback: load 0000000051b60000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
130123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
130223b0.38f8: supR3HardenedDllNotificationCallback: load 0000000051ac0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
130323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
130423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4f60000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
130523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
130623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fff76570000 LB 0x00630000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
130723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
130823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
130923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
131123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
131623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
131723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
131823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
131923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
132523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
132623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
132823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
132923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
133223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
133323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
133723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
133823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
133923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
134023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
134123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
134323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
134523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
134623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
134723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
134823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
134923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
135323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
135723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
135823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
135923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
136323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
136723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
136823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
136923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
137323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
137723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
137823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
137923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
138623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
138723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
138823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
138923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
139923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
140823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
140923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
142823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
142923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
143823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
143923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
144823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
144923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
145823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
145923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
146823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
146923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
147023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
147223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
147723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
147823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
147923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
148223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
148323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
148423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff76570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
148523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
148623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
148723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
148823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
148923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4a80000 'C:\WINDOWS\system32\Wintrust.dll'
149023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
149123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
149223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
149323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
149423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
149523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
149623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\system32\crypt32.dll'
149723b0.38f8: SUPR3HardenedMain: Load TrustedMain...
149823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
149923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
150023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
150123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
150223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
150323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
150423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
150523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
150623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
150723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
150823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
150923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
151023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
151123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
151223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
151323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
151423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
151523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
151623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
151723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
151823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
151923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
152023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
152123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
152223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
152323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
152423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
152523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
152623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
152723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
152823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
152923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
153023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
153123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
153223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
153323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
153423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
153523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
153623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
153723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
153823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
153923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
154023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
154123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
154423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
154523b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
154623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
154723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
154823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
154923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
155023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
155123b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
155223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
155323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
155423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
155523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
155623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
155723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
155823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
155923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
156023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
156123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
156223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
156323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
156423b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
156523b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
156623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
156723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
156823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
156923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
157023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
157123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
157223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
157323b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
157423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
157523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
157623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
157723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
157823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
157923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
158023b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
158123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
158223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
158323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
158423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
158523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
158623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
158723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
158823b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
158923b0.38f8: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
159023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
159123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
159223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
159523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
159623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
159723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
159823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
159923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
160023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
160123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
160223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
160323b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
160423b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
160523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
160623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
160723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
160823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
160923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
161123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
161223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
161323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
161423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
161723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
161823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
161923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
162023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
162123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
162223b0.38f8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
162323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
162423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
162523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
162623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
162723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
162823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
162923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
163023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
163123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
163223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
163323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
163423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
163523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
163623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
163723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
163823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
163923b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
164023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
164123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
164223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
164323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
164423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
164523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
164623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
164723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
164823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
164923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
165023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
165123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
165223b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
165323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
165423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
165523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
165623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
165723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
165823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
165923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
166023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
166123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
166223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
166323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
166423b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
166523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
166623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
166723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
166823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
166923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
167023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
167123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
167223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
167323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
167423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
167723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
167823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
167923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
168023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
168123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
168223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
168323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
168423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
168523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
168623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
168723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
168823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
168923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
169023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
169123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
169223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
169323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
169423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
169523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
169623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
169723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
169823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
169923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
170023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
170123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
170223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
170323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
170423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
170523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
170623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
170723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
170823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
170923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
171023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
171123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
171223b0.38f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
171323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
171423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
171523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
171623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
171723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'glu32.dll'.
171823b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
171923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
172023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
172123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
172223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
172323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
172423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
172523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
172623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
172723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
172823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
172923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
173023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
173123b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
173223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
173323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
173423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
173523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
173623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
173723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
173823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
173923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
174023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
174123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
174223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
174323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
174423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
174523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
174623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
174923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
175023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
175123b0.38f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
175223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
175323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
175423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
175523b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
175623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
175723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
176023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
176323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
176423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
176523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
176623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
176923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
177023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
177123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
177223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
177323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
177423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
177523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
177623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
177723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
177823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
177923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
178023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
178123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
178223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
178323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
178423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
178523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
178623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
178723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
178823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
178923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
179023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
179123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
179223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
179323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
179423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
179523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
179623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
179723b0.38f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
179823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
179923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
180023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
180123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'shlwapi.dll'.
180223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
180323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'comctl32.dll'.
180423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'shell32.dll'.
180523b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
180623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
180723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
180823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
180923b0.38f8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
181023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
181123b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
181223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
181323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
181423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
181523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
181623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
181723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
181823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
181923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
182023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
182123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
182223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
182323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
182423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
182523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
182623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
182723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
182823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
182923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
183023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
183123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
183223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
183323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
183423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
183523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
183623b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
183723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
183823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
183923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
184023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
184123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
184223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
184323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
184423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
184523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
184623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
184723b0.38f8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
184823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
184923b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
185023b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
185123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
185223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
185323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
185423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
185523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
186023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
186123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
186223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
186323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
186423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
186523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
186623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
186723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
186823b0.38f8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
186923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
187023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
187123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
187223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
187323b0.38f8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
187423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
187523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
187623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
187723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
187823b0.38f8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
187923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
188023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
188123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
188223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
188323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
188423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
188523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
188623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
188723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
188823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
188923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
189023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
189123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
189223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
189323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C9C10BF483A9E127A5FD41C0556C6B4E23A8F66
189423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
189523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
189623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.964.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
189723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
189823b0.38f8: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
189923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
190023b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
190123b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
190223b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
190323b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
190423b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
190523b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
190623b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
190723b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
190823b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
190923b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
191023b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
191123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
191223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
191323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
191423b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll)
191523b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll
191623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4310000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
191723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
191823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd49e0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
191923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
192023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd48d0000 LB 0x0010b000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
192123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
192223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
192323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
192423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
192523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
192623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
192723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4c50000 LB 0x0002a000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
192823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
192923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd54b0000 LB 0x001a0000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
193023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd6830000 LB 0x00355000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
193123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
193223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffcd8d0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
193323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
193423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffbff30000 LB 0x00126000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
193523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
193623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd6010000 LB 0x0073f000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
193723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
193823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5300000 LB 0x0012a000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
193923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
194023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffb4310000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
194123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
194223b0.38f8: supR3HardenedDllNotificationCallback: load 0000000051550000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
194323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
194423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fff75f70000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
194523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
194623b0.38f8: supR3HardenedDllNotificationCallback: load 0000000050fe0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
194723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
194823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffb8c70000 LB 0x0008e000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
194923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
195023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5880000 LB 0x000ae000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
195123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
195323b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
195423b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
195523b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4dd0000 LB 0x00055000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
195623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
195723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffb6650000 LB 0x000b0000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\COMCTL32.dll [fFlags=0x0]
195823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll [avoiding WinVerifyTrust]
195923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5700000 LB 0x000da000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
196023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
196123b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc0160000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
196223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
196323b0.38f8: supR3HardenedDllNotificationCallback: load 0000000050f80000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
196423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
196523b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5ad0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
196623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
196723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc1590000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
196823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
196923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fff70540000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
197023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
197123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
197223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
197323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
197423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
197523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
197623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
197723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
197823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
197923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
198023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
198123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
198223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
198323b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
198423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
198523b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
198623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
198723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
198823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
198923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
199023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
199123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
199223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
199323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
199423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
199523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
199623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
199723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
199823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
199923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
200023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
200123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
200223b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
200323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
200423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
200623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
200723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
200823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
200923b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
201023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
201123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
201223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
201323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
201423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
201523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
201623b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
201723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
201823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
201923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
202023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
202123b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
202223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
202323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
202423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
202523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
202623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
202723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
202823b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
202923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
203023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
203123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
203223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
203323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\kernel32.dll'
203423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
203523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
203623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
203723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
203823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
203923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
204023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
204123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
204223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
204323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
204423b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
204523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
204623b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
204723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
204823b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
204923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
205023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
205123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
205223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
205323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
205423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
205523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
205623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
205723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
205823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
205923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
206023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
206123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
206223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
206323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
206423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
206523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
206623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
206723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
206823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
206923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
207023b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
207123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
207223b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
207323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
207423b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
207523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
207623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
207723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
207823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
207923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
208023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
208123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
208223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
208323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
208423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
208523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
208623b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
208723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
208823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-string-l1-1-0'
208923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
209023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
209123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
209223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
209323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
209423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
209523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
209623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
209723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
209823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
209923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
210023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
210123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
210223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
210323b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
210423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
210523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
210623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
210723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
210823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
210923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
211023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
211123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
211223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
211323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
211423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
211523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
211623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
211723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
211823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
211923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
212023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
212123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
212223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
212323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
212423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
212523b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
212623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
212723b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
212823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
212923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
213023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
213123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
213223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
213323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
213423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
213523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
213623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
213723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
213823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
213923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
214023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
214123b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
214223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
214323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-datetime-l1-1-1'
214423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
214523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
214623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
214723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
214823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
214923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
215023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
215123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
215223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
215323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
215423b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
215523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
215623b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
215723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
215823b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
215923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
216023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
216123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
216223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
216323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
216423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
216523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
216623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
216723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
216823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
216923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
217023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
217123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
217223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
217323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
217423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
217523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
217623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
217723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
217823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
217923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
218023b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
218123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
218223b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
218323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
218423b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
218523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
218623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
218723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
218823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
218923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
219023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
219123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
219223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
219323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
219423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
219523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
219623b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
219723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
219823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-localization-obsolete-l1-2-0'
219923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
220023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
220123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
220223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
220323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
220423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
220523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
220623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
220723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
220823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
220923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
221023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
221123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
221223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
221323b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
221423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
221523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
221623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
221723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
221823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
221923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
222023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
222123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
222223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
222323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
222423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
222523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
222623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
222723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
222823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
222923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
223023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
223123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
223223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
223323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
223423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
223523b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
223623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
223723b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
223823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
223923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
224023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
224123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
224223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
224323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
224423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
224523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
224623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
224723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
224823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
224923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
225023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
225123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
225223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
225323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
225423b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
225523b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
225623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
225723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
225823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
225923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
226023b0.38f8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
226123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
226223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
226323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
226423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd6800000 LB 0x00030000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
226523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
226623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6800000 'C:\WINDOWS\system32\IMM32.DLL'
226723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
226823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
226923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
227023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
227123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
227223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
227323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
227423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
227523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
227623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
227723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
227823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
227923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
228023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
228123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
228223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
228323b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
228423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
228523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
228623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
228723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
228823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
228923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
229023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
229123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
229223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
229323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
229423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
229523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
229623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
229723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
229823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
229923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
230023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
230123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
230223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
230323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
230423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
230523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
230623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
230723b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
230823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
230923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
231023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
231123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
231223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
231323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
231423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
231523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
231623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
231723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
231823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
231923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
232023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
232123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
232223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
232323b0.38f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\edgegdi.dll': 0 (NtPath=\??\C:\WINDOWS\System32\edgegdi.dll; Input=edgegdi.dll; rcNtGetDll=0xc0000135
232423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\edgegdi.dll'
232523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
232623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
232723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
232823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
232923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
233023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
233123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
233223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
233323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
233423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
233523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
233623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
233723b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
233823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
233923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
234023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
234123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
234223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
234323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
234423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
234523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
234623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
234723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
234823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
234923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
235023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
235123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
235223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
235323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
235423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
235523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
235623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6800000 'C:\WINDOWS\System32\imm32.dll'
235823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
235923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
236023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
236123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
236223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
236323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
236423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
236523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
236623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
236723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
236823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
236923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
237023b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
237123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
237223b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
237323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
237423b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
237523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
237623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
237723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
237823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
237923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
238023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
238123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
238223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
238323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
238423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
238523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
238623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
238723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
238823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
238923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
239023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
239123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
239223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
239323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
239423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
239523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
239623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
239723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
239823b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
239923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
240023b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
240123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
240223b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
240323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
240423b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
240523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
240623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
240723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
240823b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
240923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
241023b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
241123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
241223b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
241323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
241423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
241523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
241623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4d20000 'C:\WINDOWS\System32\ADVAPI32.DLL'
241723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
241823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
241923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
242023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
242123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
242223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
242323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'.
242423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll' [rescheduled]
242523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
242623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
242723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
242823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
242923b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
243023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
243123b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
243223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
243323b0.38f8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
243423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
243523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
243623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
243723b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
243823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
243923b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
244023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
244123b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
244223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
244323b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
244423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
244523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff70540000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
244623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
244723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
244823b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
244923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
245023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
245123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
245223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
245323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
245423b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
245523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
245623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
245723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.844_none_423537bff6b9828c\comctl32.dll'
245823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
245923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
246023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
246123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
246223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
246323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
246423b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume4\Windows\System32\winspool.drv
246523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
246623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
246723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E7010C322CC9D5936774A822927E20F016C3CA
246823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
246923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
247023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\winspool.drv'
247123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
247223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv'
247323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
247423b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
247523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
247623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E97C54591DCD2F37F41C00B99FE64FD613C9793
247723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
247823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
247923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04112~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
248023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
248123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
248223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
248323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
248423b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
248523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB3F71746EFEEEE383BF91A5CE7637F78FF8670
248623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
248723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
248823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.19041.964.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
248923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
249023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
249123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
249223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
249323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
249423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
249523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
249623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
249723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
249823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
249923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
250023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
250123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
250223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
250323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
250423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
250523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
250623b0.38f8: SUPR3HardenedMain: Calling TrustedMain (00007fff705414f0)...
250723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
250823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
250923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
251023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
251123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
251223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
251323b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wldp.dll)
251423b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wldp.dll
251523b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3d80000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
251623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
251723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd2480000 LB 0x00790000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
251823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
251923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
252023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
252123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
252223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
252323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [lacks WinVerifyTrust]
252423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
252523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
252623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
252723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
252823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
252923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
253023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
253123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
253223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wldp.dll'
253323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
253423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
253523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
253623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
253723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
253823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
253923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
254023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
254123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
254223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
254323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
254423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
254523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
254623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
254723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
254823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
254923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
255023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
255123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
255223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
255323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
255423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
255523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
255623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
255723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
255823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
255923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
256023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
256123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
256223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
256323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
256423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
256523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
256623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
256723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
256823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
256923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
257023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
257123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
257223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
257323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
257423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
257523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
257623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
257723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
257823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
257923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
258023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
258123b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
258223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffb5b20000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
258323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
258423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb5b20000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
258523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
258623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
258723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
258823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
258923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd2280000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
259023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
259123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
259223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
259323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
259423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
259523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
259623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
259723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
259823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006bc pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
259923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
260023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
260123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D4518D2FDDF5F612DEA6801698B1EA0650EE8486
260223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
260323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
260523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
260623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
260723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
260823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
260923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
261023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
261123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
261223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
261323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
261423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
261523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
261623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
261723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
261823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
261923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
262023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
262123b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
262223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd1dc0000 LB 0x0009e000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
262323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
262423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd1dc0000 'C:\WINDOWS\system32\uxtheme.dll'
262523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd54b0000 'C:\WINDOWS\system32\user32.dll'
262623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
262723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
262923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
263023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5880000 'C:\WINDOWS\system32\SHCore.dll'
263223b0.38f8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
263323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
263423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
263523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\system32\winmm.dll'
263723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
263823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
263923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\system32\winmm.dll'
264023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
264123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
264323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
264423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd1dc0000 'C:\WINDOWS\system32\uxtheme.dll'
264623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
264723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4d20000 'C:\WINDOWS\system32\advapi32.dll'
264923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
265023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
265123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
265223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
265323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
265423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
265523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
265623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
265723b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
265823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd41d0000 LB 0x0002e000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
265923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
266023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd41d0000 'C:\WINDOWS\system32\userenv.dll'
266123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
266223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
266323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\kernel32.dll'
266423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd5650000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
266523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
266723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
266823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
266923b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
267023b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
267123b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267223b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267323b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
267423b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
267523b0.38fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
267623b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
267723b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
267823b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
267923b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
268023b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
268123b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
268223b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
268323b0.38fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
268423b0.38fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
268523b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
268623b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
268723b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
268823b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
268923b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
269023b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
269123b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
269223b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
269323b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
269423b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
269523b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
269623b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
269723b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
269823b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
269923b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
270023b0.38fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
270123b0.38fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
270223b0.38fc: supR3HardenedDllNotificationCallback: load 00007fff6fff0000 LB 0x0054a000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
270323b0.38fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
270423b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
270523b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
270623b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
270723b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
270823b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
270923b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
271023b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
271123b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
271223b0.38fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
271323b0.38fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
271423b0.38fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
271523b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
271623b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
271723b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
271823b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
271923b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
272023b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
272123b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
272223b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
272323b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
272423b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
272523b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
272623b0.38fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
272723b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
272823b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
272923b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
273023b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
273123b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
273223b0.38fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
273323b0.38fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
273423b0.38fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
273523b0.38fc: supR3HardenedDllNotificationCallback: load 00007fffb5110000 LB 0x000bb000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
273623b0.38fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
273723b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb5110000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
273823b0.38fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
273923b0.38fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
274023b0.38fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5ad0000 'C:\Windows\System32\oleaut32.dll'
274123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4c50000 'C:\WINDOWS\system32\gdi32.dll'
274223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd4fd0000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
274323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
274423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
274523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
274623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
274723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
274823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
274923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
275023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
275123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
275223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
275323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
275423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
275523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
275623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
275723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
275823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
275923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
276023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
276323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
276423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
276523b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
276623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009fc pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
276723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
276823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
276923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3E635B51EBB2CF2245E98541D1AF5FE327DC975
277023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
277123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
277223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
277323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
277423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
277523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
277623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
277723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
277823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
277923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
278023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
278123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
278223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
278323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
278423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
278523b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
278623b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
278723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
278823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
278923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
279023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
279123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
279223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
279323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
279423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
279523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
279623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
279723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
279923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
280023b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
280123b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
280223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
280323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
280423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
280523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
280623b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
280723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
280823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
280923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
281023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
281123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
281223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
281323b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
281423b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
281523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
281823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
281923b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
282023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
282123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
282223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
282323b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
282423b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
282523b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
282623b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
282723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd2c50000 LB 0x000f4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
282823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
282923b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd02f0000 LB 0x00264000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
283023b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
283123b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd10e0000 LB 0x001e6000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
283223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
283323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffaf9a0000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
283423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
283523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
283623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
283723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4c50000 'C:\WINDOWS\System32\gdi32.dll'
283823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffaf9a0000 'C:\WINDOWS\system32\dataexchange.dll'
283923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
284023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
284123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
284223b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
284323b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
284423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffccdc0000 LB 0x00201000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
284523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
284623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
284723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
284823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
284923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
285023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
285123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
285223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
285323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
285423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
285523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
285623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
285723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
285823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
285923b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
286023b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
286123b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
286223b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
286323b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
286423b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
286523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
286623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
286723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
286823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
286923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
287023b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd3050000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
287123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
287223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd19d0000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
287323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
287423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd0f80000 LB 0x00154000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
287523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
287623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffd1670000 LB 0x0035e000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
287723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
287823b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc7d20000 LB 0x000f9000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
287923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
288023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
288123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
288223b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
288323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
288423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
288523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
288623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
288723b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
288823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
288923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
289023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
289123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
289223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
289323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
289423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
289523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
289623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
289723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
289823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
289923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
290023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
290123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
290223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
290323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
290423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
290523b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
290623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
290723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
290823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
290923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
291223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
291323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
291423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
291523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
291623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
291723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
291823b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
291923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
292023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
292123b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
292223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
292323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
292523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
292623b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
292723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
292823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
292923b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
293023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
293123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
293223b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
293323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
293423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
293523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
293623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
293723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
293823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
293923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
294023b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
294123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
294223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
294323b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
294423b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
294523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
294623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd54b0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
294723b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
294823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
294923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd54b0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
295023b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
295123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
295223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6830000 'api-ms-win-core-com-l1-1-0.dll'
295323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
295423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
295523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5300000 'C:\WINDOWS\system32\ole32.dll'
295623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
295723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
295823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4fd0000 'C:\WINDOWS\System32\MSCTF.dll'
295923b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
296023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
296123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5300000 'C:\WINDOWS\System32\ole32.dll'
296223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
296323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
296423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5ad0000 'C:\WINDOWS\System32\OLEAUT32.dll'
296523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
296623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
296723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
296823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB3ECA1473EC52F9B019D265122638E0788939AC
296923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
297023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
297123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
297223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
297323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
297423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
297523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
297623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
297723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
297823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
297923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
298023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
298123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
298223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
298323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=81079EBE9391E32B4247EEC5D81D5FE7F690612C
298423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
298523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
298623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
298723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
298823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
298923b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
299023b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
299123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
299223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
299323b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
299423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
299523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
299623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
299723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
299823b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
299923b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
300023b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
300123b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc9710000 LB 0x00094000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
300223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
300323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc97b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
300423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
300523b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
300623b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
300723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
300823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc97b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
300923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b40 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
301023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
301123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
301223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34BA357EFBCEA3447E98131975A6D86BBAD90C80
301323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
301423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
301523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
301623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
301723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
301823b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
301923b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
302023b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
302123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
302223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
302323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
302423b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
302523b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
302623b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
302723b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc8210000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
302823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
302923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc8210000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
303023b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
303123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
303223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-localization-l1-2-0.dll'
303323b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
303423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
303523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
303623b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
303723b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
303823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
303923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=184DC69A17259EC62BC6A74793DCE28D7CC5A1AC
304023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
304123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
304223b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.19041.1052.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
304323b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
304423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
304523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
304623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
304723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
304823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
304923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
305023b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
305123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
305223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
305323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
305423b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
305523b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc8540000 LB 0x0010b000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
305623b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
305723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc8540000 'C:\WINDOWS\system32\wbem\fastprox.dll'
305823b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b78 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
305923b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
306023b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
306123b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=245B8E27DCB2C7A41C4202082696F699C79E039C
306223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
306323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
306423b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
306523b0.38f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
306723b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
306823b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
306923b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
307023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
307123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
307223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
307323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
307423b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
307523b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
307623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc7220000 LB 0x00019000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
307723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
307823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc7220000 'C:\WINDOWS\System32\amsi.dll'
307923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
308023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
308123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
308223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
308323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
308423b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOAV.dll) WinVerifyTrust
308523b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOAV.dll
308623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
308723b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
308823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
308923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
309023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
309123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
309223b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
309323b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOAV.dll
309423b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffc18f0000 LB 0x00079000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOav.dll [fFlags=0x0]
309523b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOAV.dll
309623b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
309723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
309823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-synch-l1-2-0'
309923b0.38f8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
310023b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
310123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4600000 'api-ms-win-core-localization-l1-2-1'
310223b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
310323b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
310423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd5a10000 'C:\WINDOWS\System32\kernel32.dll'
310523b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
310623b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
310723b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
310823b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
310923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
311023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
311123b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
311223b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
311323b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffcc3a0000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
311423b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
311523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc3a0000 'C:\WINDOWS\system32\version.dll'
311623b0.38f8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
311723b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
311823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc18f0000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpOav.dll'
311923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
312023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
312123b0.38f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
312223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
312323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
312423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
312523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
312623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
312723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
312823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
312923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
313023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
313123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
313223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
313323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
313423b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
313523b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
313623b0.38f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
313723b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
313823b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
313923b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
314023b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
314123b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
314223b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
314323b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
314423b0.38f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
314523b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
314623b0.38f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
314723b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
314823b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
314923b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
315023b0.38f8: supR3HardenedDllNotificationCallback: load 0000000050e70000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
315123b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
315223b0.38f8: supR3HardenedDllNotificationCallback: load 00007fff6fd10000 LB 0x002d2000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
315323b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
315423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fd10000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
315523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
315623b0.23b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
315723b0.23b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
315823b0.23b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
315923b0.23b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
316023b0.23b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
316123b0.23b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
316223b0.23b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
316323b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
316423b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
316523b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
316623b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
316723b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
316823b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
316923b0.23b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
317023b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
317123b0.23b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
317223b0.23b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
317323b0.23b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
317423b0.23b4: supR3HardenedDllNotificationCallback: load 00007fffcf6b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
317523b0.23b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
317623b0.23b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcf6b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
317723b0.23b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd54b0000 'C:\WINDOWS\system32\User32.dll'
317823b0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
317923b0.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
318023b0.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
318123b0.22c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
318223b0.22c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
318323b0.22c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
318423b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
318523b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
318623b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
318723b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
318823b0.22c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
318923b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
319023b0.22c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
319123b0.22c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
319223b0.22c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
319323b0.22c0: supR3HardenedDllNotificationCallback: load 00007fffcd9c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
319423b0.22c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
319523b0.22c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcd9c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
319623b0.3b88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
319723b0.3b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
319823b0.3b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
319923b0.3b88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
320023b0.3b88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
320123b0.3b88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
320223b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
320323b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
320423b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
320523b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
320623b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
320723b0.3b88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
320823b0.3b88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
320923b0.3b88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
321023b0.3b88: supR3HardenedDllNotificationCallback: load 00007fffcc4a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
321123b0.3b88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
321223b0.3b88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc4a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
321323b0.3ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
321423b0.3ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
321523b0.3ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
321623b0.3ab0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
321723b0.3ab0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
321823b0.3ab0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
321923b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
322023b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
322123b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
322223b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
322323b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
322423b0.3ab0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
322523b0.3ab0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
322623b0.3ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
322723b0.3ab0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
322823b0.3ab0: supR3HardenedDllNotificationCallback: load 00007fffcc490000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
322923b0.3ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
323023b0.3ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc490000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
323123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
323223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
323323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\Shell32.dll'
323423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
323523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
323623b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
323723b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
323823b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
323923b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
324023b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
324123b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
324223b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
324323b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
324423b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
324523b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
324623b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
324723b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
324823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
324923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
325023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
325123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
325223b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
325323b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
325423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
325523b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
325623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
325723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
325823b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
325923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
326023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
326123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
326223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
326323b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
326423b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
326523b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
326623b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'bcrypt.dll'.
326723b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
326823b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
326923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
327023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
327123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
327223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
327323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
327423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
327523b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
327623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
327723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
327823b0.3628: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
327923b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
328023b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
328123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
328223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
328323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
328423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
328523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
328623b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
328723b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
328823b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
328923b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
329023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
329123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
329223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
329323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
329423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
329523b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
329623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
329723b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
329823b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
329923b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
330023b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
330123b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
330223b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
330323b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
330423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
330523b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
330623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
330723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
330823b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
330923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
331023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
331123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
331223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
331323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
331423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
331523b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
331623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
331723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
331823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
331923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
332023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
332123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
332223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
332323b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
332423b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
332523b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
332623b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
332723b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd4340000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
332823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
332923b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd5ba0000 LB 0x00469000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
333023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
333123b0.3628: supR3HardenedDllNotificationCallback: load 00007fffbd960000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
333223b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
333323b0.3628: supR3HardenedDllNotificationCallback: load 00007fffbfed0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
333423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
333523b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd3790000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
333623b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
333723b0.3628: supR3HardenedDllNotificationCallback: load 00007fff6f330000 LB 0x009d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
333823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
333923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f330000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
334023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
334123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
334223b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
334323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
334423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
334523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
334623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6fff0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
334723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
334823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
334923b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
335023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffbfed0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
335123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
335223b0.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
335323b0.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
335423b0.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
335523b0.39f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
335623b0.39f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
335723b0.39f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
335823b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
335923b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
336023b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
336123b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
336223b0.39f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
336323b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
336423b0.39f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
336523b0.39f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
336623b0.39f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
336723b0.39f8: supR3HardenedDllNotificationCallback: load 00007fffc0150000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
336823b0.39f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
336923b0.39f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc0150000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
337023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
337123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
337223b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
337323b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
337423b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
337523b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
337623b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
337723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
337823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
337923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
338023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
338123b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
338223b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
338323b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
338423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
338523b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
338623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
338723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
338823b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
338923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
339023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
339123b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
339223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
339323b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
339423b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
339523b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd40c0000 LB 0x0002c000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
339623b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
339723b0.3628: supR3HardenedDllNotificationCallback: load 00007fffcc590000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
339823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
339923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc590000 'C:\WINDOWS\System32\MMDevApi.dll'
340023b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001038 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
340123b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
340223b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
340323b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52FFFB4153FE3DAE37A0C896FAC0D39F6841832F
340423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
340523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
340623b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
340723b0.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
340823b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
340923b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
341023b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
341123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
341223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
341323b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
341423b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
341523b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
341623b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
341723b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
341823b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
341923b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
342023b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
342123b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd3900000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
342223b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
342323b0.3628: supR3HardenedDllNotificationCallback: load 00007fffab520000 LB 0x00026000 C:\WINDOWS\SYSTEM32\winmmbase.dll [fFlags=0x0]
342423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
342523b0.3628: supR3HardenedDllNotificationCallback: load 00007fff8fd70000 LB 0x0009c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
342623b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
342723b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
342823b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
342923b0.3628: supR3HardenedDllNotificationCallback: load 00007fffd3770000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
343023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
343123b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
343223b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
343323b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
343423b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
343523b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
343623b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
343723b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
343823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
343923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
344023b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
344123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
344223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
344323b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
344423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\System32\dsound.dll'
344523b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
344623b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
344723b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
344823b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
344923b0.3628: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
345023b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
345123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\System32\dsound.dll'
345223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
345323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
345423b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
345523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
345623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
345723b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
345823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
345923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
346023b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
346123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
346223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
346423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
346523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
346623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcc590000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
346723b0.3bf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
346823b0.3bf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
346923b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
347023b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
347123b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
347223b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
347323b0.3bf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
347423b0.3bf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
347523b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
347623b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
347723b0.3bf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
347823b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
347923b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
348023b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
348123b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
348223b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
348323b0.3bf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
348423b0.3bf8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
348523b0.3bf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
348623b0.3bf8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
348723b0.3bf8: supR3HardenedDllNotificationCallback: load 00007fffcd100000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
348823b0.3bf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
348923b0.3bf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcd100000 'C:\WINDOWS\System32\AUDIOSES.DLL'
349023b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
349123b0.3bf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
349223b0.3bf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
349323b0.3bf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
349423b0.3bf8: supR3HardenedDllNotificationCallback: load 00007fffd1e80000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
349523b0.3bf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
349623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
349723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
349823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
349923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
350023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
350123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
350223b0.3628: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
350323b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
350423b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
350623b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010fc pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
350723b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
350823b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
350923b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F7F29B63FBFB61F7E4F361F4C3593442D614D77
351023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
351123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
351223b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
351323b0.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
351423b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
351523b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
351623b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ksuser.dll'.
351723b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'avrt.dll'.
351823b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
351923b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
352023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
352123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
352223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
352323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
352423b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
352523b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
352623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
352723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
352823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
352923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
353023b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
353123b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
353223b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
353323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
353423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
353523b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
353623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353723b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
353823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
353923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
354023b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
354123b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
354223b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
354323b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
354423b0.3628: supR3HardenedDllNotificationCallback: load 00007fffce820000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
354523b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
354623b0.3628: supR3HardenedDllNotificationCallback: load 00007fffcdf90000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
354723b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
354823b0.3628: supR3HardenedDllNotificationCallback: load 00007fff8e510000 LB 0x00046000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
354923b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
355023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
355123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
355223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
355423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
355523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
355723b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
355823b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
355923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
356023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
356123b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
356323b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
356423b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
356623b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
356723b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
356823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
356923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
357023b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001118 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
357123b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
357223b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
357323b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F871EA11D693E9807F8DF13D54497BA0E40D30AB
357423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
357523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
357623b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
357723b0.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
357823b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
357923b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
358023b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
358123b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
358223b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
358323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
358423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
358523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
358623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
358723b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
358823b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
358923b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
359023b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
359123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
359223b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
359323b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
359423b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
359523b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
359623b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
359723b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
359823b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
359923b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
360023b0.3628: supR3HardenedDllNotificationCallback: load 00007fff8e4f0000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
360123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
360223b0.3628: supR3HardenedDllNotificationCallback: load 00007fffb6260000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
360323b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
360423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
360523b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
360623b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
360723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
360823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
360923b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
361123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
361223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
361423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
361523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
361723b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
361823b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
361923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
362023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
362123b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
362223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
362323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
362423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
362523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb6260000 'C:\WINDOWS\System32\msacm32.drv'
362623b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e0 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
362723b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001104820
362823b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001104820
362923b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B1E0F68F4DF584853FE4112795D7092EFE15F7D
363023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
363123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
363223b0.3628: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.985.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
363323b0.3628: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
363423b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
363523b0.3628: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
363623b0.3628: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
363723b0.3628: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
363823b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
363923b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
364023b0.3628: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
364123b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
364223b0.3628: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
364323b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
364423b0.3628: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
364523b0.3628: supR3HardenedDllNotificationCallback: load 00007fffb0820000 LB 0x0000b000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
364623b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
364723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0820000 'C:\WINDOWS\System32\midimap.dll'
364823b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
364923b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
365023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0820000 'C:\WINDOWS\System32\midimap.dll'
365123b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
365223b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
365323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0820000 'C:\WINDOWS\System32\midimap.dll'
365423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
365523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
365623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffb0820000 'C:\WINDOWS\System32\midimap.dll'
365723b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
365823b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
365923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
366123b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
366223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
366923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
367023b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
367123b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
367323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
367423b0.3628: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
367523b0.3628: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
367623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
367723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
367823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
367923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
368023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
368123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
368223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
368323b0.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
368423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
368523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
368623b0.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
368723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
368823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\System32\dsound.dll'
368923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
369523b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
369623b0.11c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
369723b0.11c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
369823b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4a80000 'C:\WINDOWS\System32\WINTRUST.DLL'
369923b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\CRYPT32.dll'
370023b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
370123b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
370223b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
370323b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
370423b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'windowmanagementapi.dll'.
370523b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shcore.dll'.
370623b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'textinputframework.dll'.
370723b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'inputhost.dll'.
370823b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
370923b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
371023b0.11c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
371123b0.11c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
371223b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
371323b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
371423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
371523b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
371623b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
371723b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume4\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
371823b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
371923b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
372023b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
372123b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'coremessaging.dll'.
372223b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
372323b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'propsys.dll'.
372423b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'coreuicomponents.dll'.
372523b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
372623b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'shcore.dll'.
372723b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #52 'oleaut32.dll'.
372823b0.11c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\InputHost.dll) WinVerifyTrust
372923b0.11c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\InputHost.dll
373023b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
373123b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
373223b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
373323b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
373423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
373523b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
373623b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'windowmanagementapi.dll'...
373723b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'windowmanagementapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\windowmanagementapi.dll' [rcNtRedir=0xc0150008]
373823b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
373923b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
374023b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
374123b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
374223b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
374323b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
374423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
374523b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
374623b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
374723b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
374823b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
374923b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
375023b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
375123b0.11c0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\propsys.dll'.
375223b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'rpcrt4.dll'.
375323b0.11c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll)
375423b0.11c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
375523b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
375623b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
375723b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
375823b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
375923b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
376023b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
376123b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
376223b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
376323b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
376423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
376523b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
376623b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
376723b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'msvcp_win.dll'.
376823b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'oleaut32.dll'.
376923b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'coremessaging.dll'.
377023b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'shcore.dll'.
377123b0.11c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'twinapi.appcore.dll'.
377223b0.11c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll) WinVerifyTrust
377323b0.11c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll
377423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
377523b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
377623b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
377723b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
377823b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
377923b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
378023b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
378123b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'twinapi.appcore.dll'...
378223b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'twinapi.appcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll' [rcNtRedir=0xc0150008]
378323b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
378423b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
378523b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
378623b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
378723b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
378823b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
378923b0.11c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
379023b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
379123b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
379223b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
379323b0.11c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
379423b0.11c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
379523b0.11c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
379623b0.11c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll
379723b0.11c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
379823b0.11c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
379923b0.11c0: supR3HardenedDllNotificationCallback: load 00007fffcd6c0000 LB 0x000a1000 C:\Windows\System32\WindowManagementAPI.dll [fFlags=0x0]
380023b0.11c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll
380123b0.11c0: supR3HardenedDllNotificationCallback: load 00007fffcfcb0000 LB 0x000f6000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
380223b0.11c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
380323b0.11c0: supR3HardenedDllNotificationCallback: load 00007fffc7bc0000 LB 0x00152000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
380423b0.11c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
380523b0.11c0: supR3HardenedDllNotificationCallback: load 00007fffc7fb0000 LB 0x00141000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
380623b0.11c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
380723b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc7fb0000 'C:\Windows\System32\Windows.UI.dll'
380823b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd3420000 'C:\WINDOWS\system32\rsaenh.dll'
380923b0.11c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd4ae0000 'C:\WINDOWS\System32\crypt32.dll'
381023b0.11c0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\propsys.dll'
381123b0.35d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
381223b0.35d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
381323b0.35d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffcdf90000 'C:\WINDOWS\System32\avrt.dll'
381423b0.38c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
381523b0.38c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
381623b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
381723b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
381823b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
381923b0.38c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
382023b0.38c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
382123b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
382223b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
382323b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
382423b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
382523b0.3a8c: supR3HardenedDllNotificationCallback: Unload 00007fffc7fb0000 LB 0x00141000 C:\Windows\System32\Windows.UI.dll [flags=0x0]
382623b0.3a8c: supR3HardenedDllNotificationCallback: Unload 00007fffcd6c0000 LB 0x000a1000 C:\Windows\System32\WindowManagementAPI.dll [flags=0x0]
382723b0.3a8c: supR3HardenedDllNotificationCallback: Unload 00007fffc7bc0000 LB 0x00152000 C:\Windows\System32\InputHost.dll [flags=0x0]
382823b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
382923b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383023b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383123b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383223b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383323b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383423b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383523b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383623b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383723b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383823b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
383923b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384023b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384123b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
384223b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384323b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384423b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384523b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384623b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384723b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
384823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
384923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
385023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
385623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
385723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
385823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
385923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386523b0.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
386623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
386723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
386923b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
387023b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
387123b0.3c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
387223b0.3c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
387323b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387423b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387523b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387623b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387723b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387823b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
387923b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388023b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388123b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388223b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388323b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388423b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388523b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388623b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388723b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388823b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
388923b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389023b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
389123b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389223b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389323b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389423b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389523b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389623b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
389823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
389923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
390023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
390123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
390223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
390923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
391423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
391623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
391723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
391823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
391923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
392923b0.38c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
393023b0.38c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
393123b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
393223b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393323b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393423b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393523b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393623b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393723b0.38c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
393823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
393923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
394023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394423b0.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
394523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
394623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
394823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
394923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395223b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395823b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
395923b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
396023b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396123b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396223b0.2b1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
396323b0.2b1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
396423b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396523b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396623b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396723b0.2b1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
396823b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
396923b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397023b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397123b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397223b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397323b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397423b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397523b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
397623b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397723b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397823b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
397923b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
398023b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
398123b0.3c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
398223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8fd70000 'C:\WINDOWS\system32\dsound.dll'
398323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
398423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
398523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
398623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
398723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
398823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
398923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff8e510000 'C:\WINDOWS\System32\wdmaud.drv'
399023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399123b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399223b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399323b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399423b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399523b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399623b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399723b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399823b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
399923b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
400023b0.3628: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffc1590000 'C:\WINDOWS\System32\winmm.dll'
400123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
400823b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
400923b0.38f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
401023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401123b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401223b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401323b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401423b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401523b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401623b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401723b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401823b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
401923b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
402023b0.38f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffd6010000 'C:\WINDOWS\system32\shell32.dll'
402123b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
402223b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
402323b0.38f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'oleaut32.dll'.
402423b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\edputil.dll)
402523b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\edputil.dll
402623b0.38f8: supR3HardenedDllNotificationCallback: load 00007fffaf680000 LB 0x00024000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
402723b0.38f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
402823b0.38f8: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
402923b0.38f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
403023b0.38f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
403123b0.38f8: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013b0 (hFile=00000000000009a4) with 0xc0000022 -> STATUS_TRUST_FAILURE
403223b0.38f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
403323b0.38f8: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000009a4 (hFile=00000000000013b0) with 0xc0000022 -> STATUS_TRUST_FAILURE

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy