VirtualBox

Ticket #15889: VBoxHardening.log

File VBoxHardening.log, 370.3 KB (added by daint, 7 years ago)
Line 
13684.1b58: Log file opened: 5.1.24r117012 g_hStartupLog=000000000000006c g_uNtVerCombined=0xa03ad700
23684.1b58: \SystemRoot\System32\ntdll.dll:
33684.1b58: CreationTime: 2017-07-12T18:04:04.081060200Z
43684.1b58: LastWriteTime: 2017-06-20T06:10:49.467134900Z
53684.1b58: ChangeTime: 2017-07-14T11:20:28.617971600Z
63684.1b58: FileAttributes: 0x20
73684.1b58: Size: 0x1d7450
83684.1b58: NT Headers: 0xe0
93684.1b58: Timestamp: 0xa329d3a8
103684.1b58: Machine: 0x8664 - amd64
113684.1b58: Timestamp: 0xa329d3a8
123684.1b58: Image Version: 10.0
133684.1b58: SizeOfImage: 0x1db000 (1945600)
143684.1b58: Resource Dir: 0x170000 LB 0x69398
153684.1b58: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163684.1b58: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173684.1b58: ProductName: Microsoft® Windows® Operating System
183684.1b58: ProductVersion: 10.0.15063.447
193684.1b58: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
203684.1b58: FileDescription: NT Layer DLL
213684.1b58: \SystemRoot\System32\kernel32.dll:
223684.1b58: CreationTime: 2017-05-09T18:17:18.543127000Z
233684.1b58: LastWriteTime: 2017-04-28T01:06:01.409897400Z
243684.1b58: ChangeTime: 2017-07-12T18:06:33.202256400Z
253684.1b58: FileAttributes: 0x20
263684.1b58: Size: 0xad068
273684.1b58: NT Headers: 0xf8
283684.1b58: Timestamp: 0xf5fa43df
293684.1b58: Machine: 0x8664 - amd64
303684.1b58: Timestamp: 0xf5fa43df
313684.1b58: Image Version: 10.0
323684.1b58: SizeOfImage: 0xae000 (712704)
333684.1b58: Resource Dir: 0xac000 LB 0x520
343684.1b58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353684.1b58: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363684.1b58: ProductName: Microsoft® Windows® Operating System
373684.1b58: ProductVersion: 10.0.15063.296
383684.1b58: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
393684.1b58: FileDescription: Windows NT BASE API Client DLL
403684.1b58: \SystemRoot\System32\KernelBase.dll:
413684.1b58: CreationTime: 2017-07-12T18:04:16.623930700Z
423684.1b58: LastWriteTime: 2017-07-07T07:23:03.284884800Z
433684.1b58: ChangeTime: 2017-07-14T11:20:26.664828100Z
443684.1b58: FileAttributes: 0x20
453684.1b58: Size: 0x249df0
463684.1b58: NT Headers: 0x100
473684.1b58: Timestamp: 0xaa6457d1
483684.1b58: Machine: 0x8664 - amd64
493684.1b58: Timestamp: 0xaa6457d1
503684.1b58: Image Version: 10.0
513684.1b58: SizeOfImage: 0x249000 (2396160)
523684.1b58: Resource Dir: 0x22a000 LB 0x548
533684.1b58: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543684.1b58: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553684.1b58: ProductName: Microsoft® Windows® Operating System
563684.1b58: ProductVersion: 10.0.15063.483
573684.1b58: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
583684.1b58: FileDescription: Windows NT BASE API Client DLL
593684.1b58: \SystemRoot\System32\apisetschema.dll:
603684.1b58: CreationTime: 2017-03-18T20:57:35.373527900Z
613684.1b58: LastWriteTime: 2017-03-18T20:57:35.373527900Z
623684.1b58: ChangeTime: 2017-04-13T17:49:24.228628300Z
633684.1b58: FileAttributes: 0x20
643684.1b58: Size: 0x1ada0
653684.1b58: NT Headers: 0xc0
663684.1b58: Timestamp: 0x76544b2
673684.1b58: Machine: 0x8664 - amd64
683684.1b58: Timestamp: 0x76544b2
693684.1b58: Image Version: 10.0
703684.1b58: SizeOfImage: 0x1b000 (110592)
713684.1b58: Resource Dir: 0x1a000 LB 0x408
723684.1b58: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733684.1b58: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743684.1b58: ProductName: Microsoft® Windows® Operating System
753684.1b58: ProductVersion: 10.0.15063.0
763684.1b58: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
773684.1b58: FileDescription: ApiSet Schema DLL
783684.1b58: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793684.1b58: supR3HardenedWinFindAdversaries: 0x0
803684.1b58: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
813684.1b58: Calling main()
823684.1b58: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
833684.1b58: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
843684.1b58: SUPR3HardenedMain: Respawn #1
853684.1b58: System32: \Device\HarddiskVolume4\Windows\System32
863684.1b58: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
873684.1b58: KnownDllPath: C:\WINDOWS\System32
883684.1b58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
893684.1b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
903684.1b58: supR3HardNtEnableThreadCreation:
913684.1b58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa93229ac0 pvNtTerminateThread=00007ffa93255df0
923684.1b58: supR3HardenedWinDoReSpawn(1): New child 22c8.b98 [kernel32].
933684.1b58: supR3HardNtChildGatherData: PebBaseAddress=000000000046c000 cbPeb=0x388
943684.1b58: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa931b0000 uNtDllChildAddr=00007ffa931b0000
953684.1b58: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa93229ac0
963684.1b58: supR3HardenedWinSetupChildInit: Start child.
973684.1b58: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
983684.1b58: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 32 sleeps
993684.1b58: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1003684.1b58: *0000000000000000-000000000030ffff 0x0001/0x0000 0x0000000
1013684.1b58: *0000000000310000-000000000032ffff 0x0004/0x0004 0x0020000
1023684.1b58: *0000000000330000-0000000000347fff 0x0002/0x0002 0x0040000
1033684.1b58: 0000000000348000-000000000034ffff 0x0001/0x0000 0x0000000
1043684.1b58: *0000000000350000-0000000000353fff 0x0002/0x0002 0x0040000
1053684.1b58: 0000000000354000-000000000035ffff 0x0001/0x0000 0x0000000
1063684.1b58: *0000000000360000-0000000000360fff 0x0004/0x0004 0x0020000
1073684.1b58: 0000000000361000-00000000003fffff 0x0001/0x0000 0x0000000
1083684.1b58: *0000000000400000-000000000046bfff 0x0000/0x0004 0x0020000
1093684.1b58: 000000000046c000-000000000046efff 0x0004/0x0004 0x0020000
1103684.1b58: 000000000046f000-00000000005fffff 0x0000/0x0004 0x0020000
1113684.1b58: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
1123684.1b58: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
1133684.1b58: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
1143684.1b58: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
1153684.1b58: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1163684.1b58: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1173684.1b58: 000000007fff0000-00007ff7960effff 0x0001/0x0000 0x0000000
1183684.1b58: *00007ff7960f0000-00007ff796112fff 0x0002/0x0002 0x0040000
1193684.1b58: 00007ff796113000-00007ff79639ffff 0x0001/0x0000 0x0000000
1203684.1b58: *00007ff7963a0000-00007ff7963a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1213684.1b58: 00007ff7963a1000-00007ff796410fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1223684.1b58: 00007ff796411000-00007ff796411fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1233684.1b58: 00007ff796412000-00007ff796457fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1243684.1b58: 00007ff796458000-00007ff796458fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1253684.1b58: 00007ff796459000-00007ff796459fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1263684.1b58: 00007ff79645a000-00007ff79645efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1273684.1b58: 00007ff79645f000-00007ff79645ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1283684.1b58: 00007ff796460000-00007ff796460fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1293684.1b58: 00007ff796461000-00007ff796464fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1303684.1b58: 00007ff796465000-00007ff7964acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1313684.1b58: 00007ff7964ad000-00007ffa931affff 0x0001/0x0000 0x0000000
1323684.1b58: *00007ffa931b0000-00007ffa931b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1333684.1b58: 00007ffa931b1000-00007ffa932bffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1343684.1b58: 00007ffa932c0000-00007ffa93304fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1353684.1b58: 00007ffa93305000-00007ffa9330cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1363684.1b58: 00007ffa9330d000-00007ffa9331afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1373684.1b58: 00007ffa9331b000-00007ffa9331bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1383684.1b58: 00007ffa9331c000-00007ffa9331efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1393684.1b58: 00007ffa9331f000-00007ffa9338afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1403684.1b58: 00007ffa9338b000-00007ffffffdffff 0x0001/0x0000 0x0000000
1413684.1b58: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1423684.1b58: VirtualBox.exe: timestamp 0x596d0abb (rc=VINF_SUCCESS)
1433684.1b58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1443684.1b58: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1453684.1b58: supR3HardNtChildPurify: Done after 332 ms and 0 fixes (loop #0).
14622c8.b98: Log file opened: 5.1.24r117012 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
14722c8.b98: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa931b0000 g_uNtVerCombined=0xa03ad700
1483684.1b58: supR3HardNtEnableThreadCreation:
14922c8.b98: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
15022c8.b98: New simple heap: #1 0000000000800000 LB 0x400000 (for 1945600 allocation)
15122c8.b98: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
15222c8.b98: System32: \Device\HarddiskVolume4\Windows\System32
15322c8.b98: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
15422c8.b98: KnownDllPath: C:\WINDOWS\System32
15522c8.b98: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15622c8.b98: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15722c8.b98: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15822c8.b98: Registered Dll notification callback with NTDLL.
15922c8.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
16022c8.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
16122c8.b98: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16222c8.b98: supR3HardenedDllNotificationCallback: load 00007ffa902b0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16322c8.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
16422c8.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
16522c8.b98: supR3HardenedDllNotificationCallback: load 00007ffa907b0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16622c8.b98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16722c8.b98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
16822c8.b98: supR3HardenedDllNotificationCallback: load 00007ff7963a0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
16922c8.b98: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17022c8.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
17122c8.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
17222c8.b98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa93229ac0 pvNtTerminateThread=00007ffa93255df0
1733684.1b58: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 71 ms.
17422c8.b98: \SystemRoot\System32\ntdll.dll:
17522c8.b98: CreationTime: 2017-07-12T18:04:04.081060200Z
17622c8.b98: LastWriteTime: 2017-06-20T06:10:49.467134900Z
17722c8.b98: ChangeTime: 2017-07-14T11:20:28.617971600Z
17822c8.b98: FileAttributes: 0x20
17922c8.b98: Size: 0x1d7450
18022c8.b98: NT Headers: 0xe0
18122c8.b98: Timestamp: 0xa329d3a8
18222c8.b98: Machine: 0x8664 - amd64
18322c8.b98: Timestamp: 0xa329d3a8
18422c8.b98: Image Version: 10.0
18522c8.b98: SizeOfImage: 0x1db000 (1945600)
18622c8.b98: Resource Dir: 0x170000 LB 0x69398
18722c8.b98: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18822c8.b98: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
18922c8.b98: ProductName: Microsoft® Windows® Operating System
19022c8.b98: ProductVersion: 10.0.15063.447
19122c8.b98: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
19222c8.b98: FileDescription: NT Layer DLL
19322c8.b98: \SystemRoot\System32\kernel32.dll:
19422c8.b98: CreationTime: 2017-05-09T18:17:18.543127000Z
19522c8.b98: LastWriteTime: 2017-04-28T01:06:01.409897400Z
19622c8.b98: ChangeTime: 2017-07-12T18:06:33.202256400Z
19722c8.b98: FileAttributes: 0x20
19822c8.b98: Size: 0xad068
19922c8.b98: NT Headers: 0xf8
20022c8.b98: Timestamp: 0xf5fa43df
20122c8.b98: Machine: 0x8664 - amd64
20222c8.b98: Timestamp: 0xf5fa43df
20322c8.b98: Image Version: 10.0
20422c8.b98: SizeOfImage: 0xae000 (712704)
20522c8.b98: Resource Dir: 0xac000 LB 0x520
20622c8.b98: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
20722c8.b98: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
20822c8.b98: ProductName: Microsoft® Windows® Operating System
20922c8.b98: ProductVersion: 10.0.15063.296
21022c8.b98: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
21122c8.b98: FileDescription: Windows NT BASE API Client DLL
21222c8.b98: \SystemRoot\System32\KernelBase.dll:
21322c8.b98: CreationTime: 2017-07-12T18:04:16.623930700Z
21422c8.b98: LastWriteTime: 2017-07-07T07:23:03.284884800Z
21522c8.b98: ChangeTime: 2017-07-14T11:20:26.664828100Z
21622c8.b98: FileAttributes: 0x20
21722c8.b98: Size: 0x249df0
21822c8.b98: NT Headers: 0x100
21922c8.b98: Timestamp: 0xaa6457d1
22022c8.b98: Machine: 0x8664 - amd64
22122c8.b98: Timestamp: 0xaa6457d1
22222c8.b98: Image Version: 10.0
22322c8.b98: SizeOfImage: 0x249000 (2396160)
22422c8.b98: Resource Dir: 0x22a000 LB 0x548
22522c8.b98: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
22622c8.b98: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
22722c8.b98: ProductName: Microsoft® Windows® Operating System
22822c8.b98: ProductVersion: 10.0.15063.483
22922c8.b98: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
23022c8.b98: FileDescription: Windows NT BASE API Client DLL
23122c8.b98: \SystemRoot\System32\apisetschema.dll:
23222c8.b98: CreationTime: 2017-03-18T20:57:35.373527900Z
23322c8.b98: LastWriteTime: 2017-03-18T20:57:35.373527900Z
23422c8.b98: ChangeTime: 2017-04-13T17:49:24.228628300Z
23522c8.b98: FileAttributes: 0x20
23622c8.b98: Size: 0x1ada0
23722c8.b98: NT Headers: 0xc0
23822c8.b98: Timestamp: 0x76544b2
23922c8.b98: Machine: 0x8664 - amd64
24022c8.b98: Timestamp: 0x76544b2
24122c8.b98: Image Version: 10.0
24222c8.b98: SizeOfImage: 0x1b000 (110592)
24322c8.b98: Resource Dir: 0x1a000 LB 0x408
24422c8.b98: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
24522c8.b98: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
24622c8.b98: ProductName: Microsoft® Windows® Operating System
24722c8.b98: ProductVersion: 10.0.15063.0
24822c8.b98: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
24922c8.b98: FileDescription: ApiSet Schema DLL
25022c8.b98: NtOpenDirectoryObject failed on \Driver: 0xc0000022
25122c8.b98: supR3HardenedWinFindAdversaries: 0x0
25222c8.b98: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
25322c8.b98: Calling main()
25422c8.b98: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
25522c8.b98: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
25622c8.b98: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
25722c8.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
25822c8.b98: SUPR3HardenedMain: Respawn #2
25922c8.b98: supR3HardNtEnableThreadCreation:
26022c8.b98: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
26122c8.b98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
26222c8.b98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
26322c8.b98: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
26422c8.b98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa931b0000 'C:\WINDOWS\System32\ntdll.dll'
26522c8.b98: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa93229ac0 pvNtTerminateThread=00007ffa93255df0
26622c8.b98: supR3HardenedWinDoReSpawn(2): New child 3384.3140 [kernel32].
26722c8.b98: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
26822c8.b98: supR3HardNtChildGatherData: PebBaseAddress=000000000088b000 cbPeb=0x388
26922c8.b98: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa931b0000 uNtDllChildAddr=00007ffa931b0000
27022c8.b98: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa93229ac0
27122c8.b98: supR3HardenedWinSetupChildInit: Start child.
27222c8.b98: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
27322c8.b98: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 31 sleeps
27422c8.b98: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
27522c8.b98: *0000000000000000-000000000073ffff 0x0001/0x0000 0x0000000
27622c8.b98: *0000000000740000-000000000075ffff 0x0004/0x0004 0x0020000
27722c8.b98: *0000000000760000-0000000000777fff 0x0002/0x0002 0x0040000
27822c8.b98: 0000000000778000-000000000077ffff 0x0001/0x0000 0x0000000
27922c8.b98: *0000000000780000-0000000000783fff 0x0002/0x0002 0x0040000
28022c8.b98: 0000000000784000-000000000078ffff 0x0001/0x0000 0x0000000
28122c8.b98: *0000000000790000-0000000000790fff 0x0004/0x0004 0x0020000
28222c8.b98: 0000000000791000-00000000007fffff 0x0001/0x0000 0x0000000
28322c8.b98: *0000000000800000-000000000088afff 0x0000/0x0004 0x0020000
28422c8.b98: 000000000088b000-000000000088dfff 0x0004/0x0004 0x0020000
28522c8.b98: 000000000088e000-00000000009fffff 0x0000/0x0004 0x0020000
28622c8.b98: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
28722c8.b98: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
28822c8.b98: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
28922c8.b98: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
29022c8.b98: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29122c8.b98: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
29222c8.b98: 000000007fff0000-00007ff79624ffff 0x0001/0x0000 0x0000000
29322c8.b98: *00007ff796250000-00007ff796272fff 0x0002/0x0002 0x0040000
29422c8.b98: 00007ff796273000-00007ff79639ffff 0x0001/0x0000 0x0000000
29522c8.b98: *00007ff7963a0000-00007ff7963a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
29622c8.b98: 00007ff7963a1000-00007ff796410fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
29722c8.b98: 00007ff796411000-00007ff796411fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
29822c8.b98: 00007ff796412000-00007ff796457fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
29922c8.b98: 00007ff796458000-00007ff796458fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30022c8.b98: 00007ff796459000-00007ff796459fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30122c8.b98: 00007ff79645a000-00007ff79645efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30222c8.b98: 00007ff79645f000-00007ff79645ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30322c8.b98: 00007ff796460000-00007ff796460fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30422c8.b98: 00007ff796461000-00007ff796464fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30522c8.b98: 00007ff796465000-00007ff7964acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
30622c8.b98: 00007ff7964ad000-00007ffa931affff 0x0001/0x0000 0x0000000
30722c8.b98: *00007ffa931b0000-00007ffa931b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30822c8.b98: 00007ffa931b1000-00007ffa932bffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
30922c8.b98: 00007ffa932c0000-00007ffa93304fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31022c8.b98: 00007ffa93305000-00007ffa9330cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31122c8.b98: 00007ffa9330d000-00007ffa9331afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31222c8.b98: 00007ffa9331b000-00007ffa9331bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31322c8.b98: 00007ffa9331c000-00007ffa9331efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31422c8.b98: 00007ffa9331f000-00007ffa9338afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
31522c8.b98: 00007ffa9338b000-00007ffffffdffff 0x0001/0x0000 0x0000000
31622c8.b98: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
31722c8.b98: VirtualBox.exe: timestamp 0x596d0abb (rc=VINF_SUCCESS)
31822c8.b98: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31922c8.b98: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
32022c8.b98: supR3HardNtChildPurify: Done after 358 ms and 0 fixes (loop #0).
3213384.3140: Log file opened: 5.1.24r117012 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
3223384.3140: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa931b0000 g_uNtVerCombined=0xa03ad700
3233384.3140: ntdll.dll: timestamp 0xa329d3a8 (rc=VINF_SUCCESS)
3243384.3140: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1945600 allocation)
32522c8.b98: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
32622c8.b98: supR3HardNtEnableThreadCreation:
3273384.3140: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3283384.3140: System32: \Device\HarddiskVolume4\Windows\System32
3293384.3140: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3303384.3140: KnownDllPath: C:\WINDOWS\System32
3313384.3140: supR3HardenedVmProcessInit: Opening vboxdrv...
3323384.3140: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3333384.3140: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3343384.3140: Registered Dll notification callback with NTDLL.
3353384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3363384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3373384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3383384.3140: supR3HardenedDllNotificationCallback: load 00007ffa902b0000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3393384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3403384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3413384.3140: supR3HardenedDllNotificationCallback: load 00007ffa907b0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3423384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3433384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'C:\WINDOWS\System32\KERNEL32.DLL'
3443384.3140: supR3HardenedDllNotificationCallback: load 00007ff7963a0000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3453384.3140: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3463384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3473384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3483384.3140: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa93229ac0 pvNtTerminateThread=00007ffa93255df0
34922c8.b98: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms.
3503384.3140: \SystemRoot\System32\ntdll.dll:
3513384.3140: CreationTime: 2017-07-12T18:04:04.081060200Z
3523384.3140: LastWriteTime: 2017-06-20T06:10:49.467134900Z
3533384.3140: ChangeTime: 2017-07-14T11:20:28.617971600Z
3543384.3140: FileAttributes: 0x20
3553384.3140: Size: 0x1d7450
3563384.3140: NT Headers: 0xe0
3573384.3140: Timestamp: 0xa329d3a8
3583384.3140: Machine: 0x8664 - amd64
3593384.3140: Timestamp: 0xa329d3a8
3603384.3140: Image Version: 10.0
3613384.3140: SizeOfImage: 0x1db000 (1945600)
3623384.3140: Resource Dir: 0x170000 LB 0x69398
3633384.3140: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3643384.3140: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3653384.3140: ProductName: Microsoft® Windows® Operating System
3663384.3140: ProductVersion: 10.0.15063.447
3673384.3140: FileVersion: 10.0.15063.447 (WinBuild.160101.0800)
3683384.3140: FileDescription: NT Layer DLL
3693384.3140: \SystemRoot\System32\kernel32.dll:
3703384.3140: CreationTime: 2017-05-09T18:17:18.543127000Z
3713384.3140: LastWriteTime: 2017-04-28T01:06:01.409897400Z
3723384.3140: ChangeTime: 2017-07-12T18:06:33.202256400Z
3733384.3140: FileAttributes: 0x20
3743384.3140: Size: 0xad068
3753384.3140: NT Headers: 0xf8
3763384.3140: Timestamp: 0xf5fa43df
3773384.3140: Machine: 0x8664 - amd64
3783384.3140: Timestamp: 0xf5fa43df
3793384.3140: Image Version: 10.0
3803384.3140: SizeOfImage: 0xae000 (712704)
3813384.3140: Resource Dir: 0xac000 LB 0x520
3823384.3140: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3833384.3140: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3843384.3140: ProductName: Microsoft® Windows® Operating System
3853384.3140: ProductVersion: 10.0.15063.296
3863384.3140: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
3873384.3140: FileDescription: Windows NT BASE API Client DLL
3883384.3140: \SystemRoot\System32\KernelBase.dll:
3893384.3140: CreationTime: 2017-07-12T18:04:16.623930700Z
3903384.3140: LastWriteTime: 2017-07-07T07:23:03.284884800Z
3913384.3140: ChangeTime: 2017-07-14T11:20:26.664828100Z
3923384.3140: FileAttributes: 0x20
3933384.3140: Size: 0x249df0
3943384.3140: NT Headers: 0x100
3953384.3140: Timestamp: 0xaa6457d1
3963384.3140: Machine: 0x8664 - amd64
3973384.3140: Timestamp: 0xaa6457d1
3983384.3140: Image Version: 10.0
3993384.3140: SizeOfImage: 0x249000 (2396160)
4003384.3140: Resource Dir: 0x22a000 LB 0x548
4013384.3140: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4023384.3140: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4033384.3140: ProductName: Microsoft® Windows® Operating System
4043384.3140: ProductVersion: 10.0.15063.483
4053384.3140: FileVersion: 10.0.15063.483 (WinBuild.160101.0800)
4063384.3140: FileDescription: Windows NT BASE API Client DLL
4073384.3140: \SystemRoot\System32\apisetschema.dll:
4083384.3140: CreationTime: 2017-03-18T20:57:35.373527900Z
4093384.3140: LastWriteTime: 2017-03-18T20:57:35.373527900Z
4103384.3140: ChangeTime: 2017-04-13T17:49:24.228628300Z
4113384.3140: FileAttributes: 0x20
4123384.3140: Size: 0x1ada0
4133384.3140: NT Headers: 0xc0
4143384.3140: Timestamp: 0x76544b2
4153384.3140: Machine: 0x8664 - amd64
4163384.3140: Timestamp: 0x76544b2
4173384.3140: Image Version: 10.0
4183384.3140: SizeOfImage: 0x1b000 (110592)
4193384.3140: Resource Dir: 0x1a000 LB 0x408
4203384.3140: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4213384.3140: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4223384.3140: ProductName: Microsoft® Windows® Operating System
4233384.3140: ProductVersion: 10.0.15063.0
4243384.3140: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
4253384.3140: FileDescription: ApiSet Schema DLL
4263384.3140: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4273384.3140: supR3HardenedWinFindAdversaries: 0x0
4283384.3140: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4293384.3140: Calling main()
4303384.3140: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4313384.3140: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4323384.3140: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4333384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4343384.3140: SUPR3HardenedMain: Final process, opening VBoxDrv...
4353384.3140: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
4363384.3140: supR3HardNtEnableThreadCreation:
4373384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4383384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4393384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4403384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4413384.3140: supR3HardenedDllNotificationCallback: load 00007ffa87e90000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4423384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4433384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4443384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4453384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4463384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4473384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4483384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e90000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4503384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4513384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4523384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4533384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
4543384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
4553384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4583384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
4593384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
4603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4613384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4623384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
4633384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
4643384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
4653384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4663384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4673384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
4683384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
4693384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4703384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4713384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
4723384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
4733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4753384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4763384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4773384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90710000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4783384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4793384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f640000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4803384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4813384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90610000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4823384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
4833384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4843384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90070000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4853384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4863384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90860000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4873384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4883384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92eb0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4893384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
4903384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
4913384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
4923384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90bb0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
4933384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4943384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
4953384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
4963384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
4973384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
4983384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8fe80000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
4993384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5003384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5013384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5023384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-synch-l1-2-0'
5033384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5043384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5053384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-fibers-l1-1-1'
5063384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5073384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5083384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-fibers-l1-1-1'
5093384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5103384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5113384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-synch-l1-2-0'
5123384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5133384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-localization-l1-2-1'
5153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\WINDOWS\system32\Wintrust.dll'
5163384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
5173384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
5183384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5193384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5203384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5213384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5223384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5233384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5243384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5253384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5263384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5273384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5283384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5293384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5303384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5313384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5323384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f4f0000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5333384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5343384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8f4f0000 'C:\WINDOWS\system32\bcrypt.dll'
5353384.3140: bcrypt.dll loaded at 00007ffa8f4f0000, BCryptOpenAlgorithmProvider at 00007ffa8f4f4aa0, preloading providers:
5363384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
5373384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
5383384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5393384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90240000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5403384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5413384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90240000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5423384.3140: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000115dc20)
5433384.3140: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000115ea40)
5443384.3140: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000115ed10)
5453384.3140: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000115efe0)
5463384.3140: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000115fac0)
5473384.3140: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000115fd90)
5483384.3140: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001160060)
5493384.3140: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001160330)
5503384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5513384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5523384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5533384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5543384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5563384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5573384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5583384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5593384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5603384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5613384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5623384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5633384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5643384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5653384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5663384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5673384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5683384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5693384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5703384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5713384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
5723384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
5733384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f080000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5743384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5753384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5763384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
5773384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
5783384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5793384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5803384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5813384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5823384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5833384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8eaf0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5843384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5853384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
5863384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5873384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
5883384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
5893384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f070000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5903384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5913384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5923384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5943384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5953384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5963384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'C:\WINDOWS\System32\kernel32.dll'
5973384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5983384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
5993384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6003384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\CRYPT32.dll'
6023384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92cf0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6033384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
6043384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
6053384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6063384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6073384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
6083384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6093384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6103384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
6113384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
6123384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
6133384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll)
6143384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
6153384.3140: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000200 (hFile=00000000000001f4) with 0xc0000022 -> STATUS_TRUST_FAILURE
6163384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6173384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6183384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
6193384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
6203384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8e410000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6213384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6223384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f620000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6233384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
6243384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
6253384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6263384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6273384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
6283384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
6293384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6303384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6313384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6323384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6333384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6343384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6353384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6363384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6373384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6383384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6393384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6403384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
6423384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
6433384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
6443384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
6453384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
6463384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
6473384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6483384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6493384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6503384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6513384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6523384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6533384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6543384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6553384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6583384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
6593384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
6603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
6613384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
6623384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
6633384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
6643384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6653384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6663384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6673384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6683384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6693384.3140: supR3HardenedDllNotificationCallback: load 00007ffa889a0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6703384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6713384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6723384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6733384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6743384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6753384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6763384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6773384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6783384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6793384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6803384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6813384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6823384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6833384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6843384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6853384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6863384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6873384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6883384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6893384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6903384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6913384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6923384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6933384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6943384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6953384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6963384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6973384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6983384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
6993384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\WINDOWS\System32\cryptnet.dll'
7003384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa889a0000 'C:\Windows\System32\cryptnet.dll'
7023384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7033384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7043384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7053384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7063384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7073384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7083384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7093384.3140: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000011e7c20
7103384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
7113384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8B20614B43CC15BF412F46E920338E687B9EB4BD
7123384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7133384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90860000 'C:\WINDOWS\System32\rpcrt4.dll'
7153384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7163384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7173384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7183384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7193384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7203384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7213384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7223384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7233384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7243384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7253384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7263384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7273384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7283384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7293384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\Windows\System32\WINTRUST.DLL'
7303384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7313384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7323384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7333384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7343384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7353384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7363384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1109_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\SystemRoot\System32\ntdll.dll'
7373384.3140: g_pfnWinVerifyTrust=00007ffa8fe8d3e0
7383384.3140: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7393384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7403384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7413384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7423384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7433384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7443384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7453384.3140: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
7463384.3140: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7473384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7483384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7503384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7513384.3140: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
7523384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7533384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7543384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7563384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
7573384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7583384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7593384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7603384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
7613384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7623384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7633384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7643384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
7653384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
7663384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
7673384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
7683384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
7693384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7703384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7713384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7723384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7733384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7743384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
7753384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7763384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7773384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7783384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
7793384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7813384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7823384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
7833384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001fc pwszName=\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
7843384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
7853384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
7863384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FF31F66ACC1741364CE15D70DCEA891F87E6083
7873384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7883384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7893384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
7903384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7913384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7923384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Security-Ngc-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
7933384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7943384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
7953384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7963384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
7973384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
7983384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
7993384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8003384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8023384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8033384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
8043384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8053384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8063384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8073384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
8083384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8093384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8103384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
8113384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8123384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8133384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
8143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8163384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
8173384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8183384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8193384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
8203384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8213384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8223384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
8233384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8243384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8253384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
8263384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8273384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8283384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
8293384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8303384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8313384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
8323384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8333384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8343384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
8353384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8363384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8373384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8383384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8393384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8403384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8413384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
8423384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
8433384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
8443384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
8453384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\system32\crypt32.dll'
8463384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8473384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8483384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8493384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8503384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8513384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8523384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xc4b6264dd6ec9800 CN=DESKTOP-AAUJ18A
8533384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8543384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8553384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8563384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8573384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8583384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
8593384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8603384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8613384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8623384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8633384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8643384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8653384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
8663384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
8673384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
8683384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8693384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8703384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8713384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8723384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8733384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8743384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8753384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
8763384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8773384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
8783384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8793384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8803384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8813384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8823384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8833384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8843384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8853384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8863384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8873384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8883384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
8893384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8903384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8913384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8923384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8933384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
8943384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8953384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8963384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8973384.3140: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8983384.3140: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52
8993384.3140: SUPR3HardenedMain: Load Runtime...
9003384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
9013384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9023384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
9033384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
9043384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
9053384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9063384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9073384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9093384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9103384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9113384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9123384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
9133384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
9153384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
9163384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9173384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
9183384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9193384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
9203384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9213384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9223384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9233384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9243384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9253384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9263384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
9273384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9283384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9293384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
9303384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9313384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9323384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9333384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9343384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9353384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
9363384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
9373384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
9383384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9393384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9403384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9413384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9423384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
9433384.3140: supR3HardenedDllNotificationCallback: load 0000000055580000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9443384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9453384.3140: supR3HardenedDllNotificationCallback: load 00000000554e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9463384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
9473384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90e40000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
9483384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9493384.3140: supR3HardenedDllNotificationCallback: load 00007ffa53310000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9503384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9513384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9523384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9533384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9543384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9563384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9573384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9583384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9593384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9603384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9613384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9623384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9633384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9643384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9653384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9663384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9673384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9683384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9693384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9703384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9713384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9723384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9733384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9743384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9753384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9763384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9773384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9783384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9793384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9813384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9823384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9833384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9843384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9853384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9863384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9873384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9883384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9893384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9903384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9913384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9923384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9933384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9943384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9953384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9963384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
9973384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9983384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9993384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10003384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53310000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
10023384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8fe80000 'C:\WINDOWS\system32\Wintrust.dll'
10033384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10043384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
10053384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10063384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
10073384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\system32\crypt32.dll'
10083384.3140: SUPR3HardenedMain: Load TrustedMain...
10093384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10103384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
10113384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
10123384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
10133384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
10143384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
10153384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
10163384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
10173384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
10183384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
10193384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10203384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
10213384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
10223384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
10233384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
10243384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10253384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
10263384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
10273384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10283384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10293384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10303384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
10313384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10323384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10333384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
10343384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
10353384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10363384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10383384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10393384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
10403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10423384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
10433384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10443384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
10453384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
10463384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10473384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10483384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
10493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10503384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
10513384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10523384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
10533384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
10543384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
10553384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
10563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10583384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10593384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10613384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10623384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
10633384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10643384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
10653384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
10663384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
10673384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10683384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10693384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
10703384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10713384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10723384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
10733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10753384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
10763384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
10773384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
10783384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
10793384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
10803384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
10813384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
10823384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
10833384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10843384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10853384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10863384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10873384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
10883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10903384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
10913384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10923384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
10933384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
10943384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
10953384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10963384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10973384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
10983384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
10993384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
11003384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11013384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11023384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11033384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11043384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11053384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
11063384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
11073384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
11083384.3140: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
11093384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
11103384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
11113384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
11123384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
11133384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11143384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
11153384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
11163384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
11173384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
11183384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11193384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11203384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
11213384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11223384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11233384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
11243384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11253384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11263384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11273384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11283384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11293384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
11303384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11313384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11323384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
11333384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
11343384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
11353384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
11363384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
11373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
11383384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
11393384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
11403384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
11413384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
11423384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11433384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
11443384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
11453384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
11463384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
11473384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11483384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11493384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11503384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11513384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11523384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
11533384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11543384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
11553384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
11563384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
11573384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11583384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
11593384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
11603384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
11613384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
11623384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
11633384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11643384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11653384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
11663384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
11673384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
11683384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
11693384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11703384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
11713384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11723384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11733384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
11743384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
11753384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
11763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
11773384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
11783384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11793384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11803384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11813384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11823384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11833384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11843384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11853384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11863384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11873384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11893384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11913384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11923384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
11933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11943384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11953384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
11963384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11973384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11983384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
12003384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12013384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12023384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12033384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12043384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12053384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12063384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12073384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12093384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12103384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12113384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12123384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12133384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12143384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12153384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12163384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12173384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12183384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12193384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12203384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12213384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12223384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12233384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12243384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12253384.3140: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
12263384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12273384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12283384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12293384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12303384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
12313384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
12323384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
12333384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12343384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12353384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
12363384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12383384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12393384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12413384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
12423384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
12433384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
12443384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
12453384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
12463384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
12473384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12483384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12493384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
12503384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12513384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12523384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12533384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12543384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12553384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
12563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12583384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
12593384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12613384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12623384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12633384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12643384.3140: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
12653384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12663384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12673384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
12683384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
12693384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
12703384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12713384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12723384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12753384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12773384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12783384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12793384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12803384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12813384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
12823384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12833384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12843384.3140: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12853384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12863384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12873384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
12883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12903384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
12913384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12923384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12933384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12943384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
12953384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12963384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
12973384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
12983384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
12993384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
13003384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13013384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13023384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13033384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
13043384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13053384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13063384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13073384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13093384.3140: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
13103384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13113384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
13123384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
13133384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13143384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
13153384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
13163384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
13173384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
13183384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13193384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13203384.3140: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
13213384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13223384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
13233384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
13243384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
13253384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13263384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13273384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13283384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13293384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13303384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13313384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13323384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13333384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13343384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13353384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13363384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
13373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13383384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13393384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13423384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
13433384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13443384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13453384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13463384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13473384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
13483384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13493384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13503384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
13513384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13523384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13533384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13543384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
13553384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
13563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13583384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13593384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13613384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
13623384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13633384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
13643384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
13653384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
13663384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
13673384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13683384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13693384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13703384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13713384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13723384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13753384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13773384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13783384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13793384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13803384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13813384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13823384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13833384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13843384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13853384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
13863384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
13873384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
13883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13903384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
13913384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
13923384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
13933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13943384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13953384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
13963384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
13973384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
13983384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14003384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
14023384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
14033384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14043384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14053384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
14063384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14073384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14093384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14103384.3140: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14113384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
14123384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
14133384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
14143384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
14153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
14163384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
14173384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14183384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14193384.3140: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
14203384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14213384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
14223384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14233384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14243384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14253384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14263384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14273384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14283384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
14293384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14303384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14313384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14323384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14333384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14343384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14353384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
14363384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
14373384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14383384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90500000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
14393384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
14403384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90570000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
14413384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
14423384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8fee0000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14433384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14443384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
14453384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
14463384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
14473384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
14483384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
14493384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90e10000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
14503384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14513384.3140: supR3HardenedDllNotificationCallback: load 00007ffa93050000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
14523384.3140: supR3HardenedDllNotificationCallback: load 00007ffa6c400000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14533384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14543384.3140: supR3HardenedDllNotificationCallback: load 00007ffa6b130000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14553384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
14563384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90520000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
14573384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
14583384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
14593384.3140: supR3HardenedDllNotificationCallback: load 00007ffa928f0000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
14603384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14613384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90b00000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
14623384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14633384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
14643384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
14653384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
14663384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
14673384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92c90000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
14683384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14693384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f6b0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14703384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14713384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14723384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
14733384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
14743384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f660000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
14753384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
14763384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
14773384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
14783384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f6d0000 LB 0x006f2000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
14793384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14803384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
14813384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
14823384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
14833384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
14843384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
14853384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90f10000 LB 0x01437000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
14863384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
14873384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92360000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
14883384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
14893384.3140: supR3HardenedDllNotificationCallback: load 00007ffa77990000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
14903384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14913384.3140: supR3HardenedDllNotificationCallback: load 0000000054f70000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
14923384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14933384.3140: supR3HardenedDllNotificationCallback: load 00007ffa52420000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
14943384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14953384.3140: supR3HardenedDllNotificationCallback: load 0000000054a00000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
14963384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14973384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8a9c0000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
14983384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14993384.3140: supR3HardenedDllNotificationCallback: load 00007ffa69770000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
15003384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
15013384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92f10000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
15023384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
15033384.3140: supR3HardenedDllNotificationCallback: load 00007ffa779d0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
15043384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15053384.3140: supR3HardenedDllNotificationCallback: load 00000000549a0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
15063384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15073384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90c60000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
15083384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
15093384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8d9a0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
15103384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15113384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8da00000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
15123384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
15133384.3140: supR3HardenedDllNotificationCallback: load 00007ffa52a20000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15143384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
15153384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
15163384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
15173384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
15183384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
15193384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
15203384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
15213384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
15223384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
15233384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
15243384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
15253384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
15263384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
15273384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
15283384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
15293384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
15303384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
15313384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
15323384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
15333384.3140: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
15343384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
15353384.3140: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
15363384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
15373384.3140: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
15383384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
15393384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
15403384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
15413384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15423384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
15433384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
15443384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
15453384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15463384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
15473384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
15483384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
15493384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
15503384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15513384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15523384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
15533384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15543384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15553384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
15563384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15573384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
15583384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15593384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15613384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15623384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15633384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15643384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15653384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15663384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15673384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15683384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15693384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15703384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
15713384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
15723384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
15733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15753384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15773384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
15783384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
15793384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
15803384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
15813384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
15823384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15833384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15843384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15853384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15863384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15873384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
15883384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
15893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
15903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
15913384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
15923384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15943384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15953384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15963384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
15973384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
15983384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
15993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16003384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16013384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16023384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16033384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'C:\WINDOWS\System32\kernel32.dll'
16043384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
16053384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16063384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-string-l1-1-0'
16073384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
16083384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16093384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-datetime-l1-1-1'
16103384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
16113384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16123384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-localization-obsolete-l1-2-0'
16133384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16143384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
16153384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
16163384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
16173384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
16183384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16193384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16203384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16213384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
16223384.3140: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
16233384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16243384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16253384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16263384.3140: supR3HardenedDllNotificationCallback: load 00007ffa93020000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16273384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16283384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93020000 'C:\WINDOWS\system32\IMM32.DLL'
16293384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16303384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
16313384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16323384.3140: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
16333384.3140: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
16343384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16353384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93020000 'C:\WINDOWS\System32\imm32.dll'
16363384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16373384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16383384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90bb0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16393384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52a20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16403384.3140: SUPR3HardenedMain: Calling TrustedMain (00007ffa52a21610)...
16413384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
16423384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16433384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
16443384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16453384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16463384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16473384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
16483384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16493384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16503384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16513384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16523384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16533384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16543384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16553384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16583384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16593384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16603384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16613384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16623384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16633384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16643384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16653384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16663384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16673384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16683384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
16693384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16703384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16713384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
16723384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16743384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
16753384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16773384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16783384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
16793384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
16803384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
16813384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16823384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16833384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
16843384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16853384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16863384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
16873384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16893384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16903384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
16913384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
16923384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
16933384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16943384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16953384.3140: supR3HardenedDllNotificationCallback: load 00007ffa522f0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
16963384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16973384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa522f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
16983384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000654 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
16993384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
17003384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
17013384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
17023384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
17033384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
17043384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
17053384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17063384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17073384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
17083384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
17093384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
17103384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17113384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17123384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17133384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17143384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17153384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17163384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17173384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
17183384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17193384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17203384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8de40000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17213384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
17223384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8de40000 'C:\WINDOWS\system32\uxtheme.dll'
17233384.3140: \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
17243384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
17253384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
17263384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
17273384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17283384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17293384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
17303384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
17313384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
17323384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
17333384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17343384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17353384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
17363384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17383384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17393384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17423384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17433384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17443384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17453384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
17463384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
17473384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
17483384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
17493384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
17503384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
17513384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
17523384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
17533384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17543384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll) WinVerifyTrust
17553384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
17563384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17573384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17583384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17593384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
17603384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
17613384.3140: supR3HardenedDllNotificationCallback: load 00007ffa83160000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
17623384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
17633384.3140: supR3HardenedDllNotificationCallback: load 00007ffa84170000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
17643384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files (x86)\TeamViewer\tv_x64.dll
17653384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa84170000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
17663384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
17673384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17683384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90bb0000 'C:\WINDOWS\system32\advapi32.dll'
17693384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93050000 'C:\WINDOWS\system32\user32.dll'
17703384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
17713384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17723384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90f10000 'C:\WINDOWS\system32\shell32.dll'
17733384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
17743384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
17753384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
17763384.3140: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
17773384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17783384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90b00000 'C:\WINDOWS\system32\SHCore.dll'
17793384.3140: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
17813384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93050000 'C:\WINDOWS\system32\user32.dll'
17823384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17833384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
17843384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
17853384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
17863384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
17873384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
17883384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8c760000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17893384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17913384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17923384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
17933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17943384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17953384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17963384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17973384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17983384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18003384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
18023384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
18033384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
18043384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18053384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\system32\winmm.dll'
18063384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
18073384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18083384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\system32\winmm.dll'
18093384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
18103384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18113384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90f10000 'C:\WINDOWS\system32\shell32.dll'
18123384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
18133384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8de40000 'C:\WINDOWS\system32\uxtheme.dll'
18153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90bb0000 'C:\WINDOWS\system32\advapi32.dll'
18163384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18173384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
18183384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
18193384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
18203384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
18213384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
18223384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18233384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18243384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
18253384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18263384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18273384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
18283384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18293384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
18303384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8f550000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
18313384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
18323384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8f550000 'C:\WINDOWS\system32\userenv.dll'
18333384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
18343384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18353384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'C:\WINDOWS\System32\kernel32.dll'
18363384.3140: supR3HardenedDllNotificationCallback: load 00007ffa92bf0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
18373384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18383384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
18393384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
18403384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
18413384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18423384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18433384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18443384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18453384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18463384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
18473384.1a9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
18483384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18493384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18503384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18513384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18523384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18533384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18543384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18553384.1a9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18563384.1a9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18573384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18583384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18593384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18603384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18613384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18623384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18633384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18643384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18653384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18663384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18673384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18683384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18693384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
18703384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18713384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18723384.1a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18733384.1a9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18743384.1a9c: supR3HardenedDllNotificationCallback: load 00007ffa51d30000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18753384.1a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
18763384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51d30000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18773384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18783384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18793384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18803384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18813384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
18823384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18833384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18843384.1a9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18853384.1a9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18863384.1a9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18873384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18883384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18893384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18903384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18913384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
18923384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18933384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18943384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
18953384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18963384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18973384.1a9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18983384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
18993384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19003384.1a9c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
19013384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19023384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19033384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19043384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19053384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19063384.1a9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19073384.1a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19083384.1a9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19093384.1a9c: supR3HardenedDllNotificationCallback: load 00007ffa52230000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
19103384.1a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19113384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52230000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
19123384.1a9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
19133384.1a9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19143384.1a9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90c60000 'C:\Windows\System32\oleaut32.dll'
19153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90e10000 'C:\WINDOWS\system32\gdi32.dll'
19163384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90f10000 'C:\WINDOWS\system32\shell32.dll'
19173384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
19183384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19193384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
19203384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19213384.3140: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
19223384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
19233384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
19243384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
19253384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa931b0000 'C:\WINDOWS\System32\ntdll.dll'
19263384.3140: supR3HardenedDllNotificationCallback: load 00007ffa90990000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
19273384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19283384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
19293384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
19303384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
19313384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
19323384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
19333384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
19343384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19353384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19363384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
19373384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19383384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19393384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19423384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19433384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
19443384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19453384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19463384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
19473384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19483384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
19493384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f0 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19503384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
19513384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
19523384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
19533384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
19543384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19553384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
19563384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19573384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19583384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19593384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
19603384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
19613384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
19623384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
19633384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
19643384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19653384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19663384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
19673384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19683384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19693384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19703384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
19713384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
19723384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19733384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19743384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19753384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19773384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19783384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19793384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
19803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
19813384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19823384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19833384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
19843384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
19853384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
19863384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19873384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19883384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
19893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19913384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19923384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19943384.3140: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
19953384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19963384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19973384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
19983384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
19993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20003384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20013384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
20023384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
20033384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
20043384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20053384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20063384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
20073384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
20083384.3140: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
20093384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20103384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20113384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
20123384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20133384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20143384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20153384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
20163384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
20173384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
20183384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20193384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8e490000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
20203384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20213384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8cc30000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
20223384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
20233384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8d5b0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
20243384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
20253384.3140: supR3HardenedDllNotificationCallback: load 00007ffa6cd20000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
20263384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
20273384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6cd20000 'C:\WINDOWS\system32\dataexchange.dll'
20283384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
20293384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
20303384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
20313384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20323384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
20333384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
20343384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
20353384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
20363384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
20373384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8df10000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
20383384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
20393384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20403384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
20413384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
20423384.3140: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
20433384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
20443384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20453384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
20463384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
20473384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
20483384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
20493384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20503384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
20513384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
20523384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
20533384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
20543384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
20553384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
20563384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
20573384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
20583384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
20593384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
20603384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20613384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20623384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll)
20633384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll
20643384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8e920000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
20653384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
20663384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8d4c0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
20673384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
20683384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8b140000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
20693384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
20703384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8c2c0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
20713384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
20723384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8a580000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
20733384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
20743384.3140: supR3HardenedDllNotificationCallback: load 00007ffa87f10000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
20753384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
20763384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20773384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20783384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20793384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20803384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
20813384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
20823384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
20833384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20843384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20853384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20863384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20873384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
20883384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20913384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20923384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20933384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20943384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
20953384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
20963384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
20973384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
20983384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20993384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21003384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
21013384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
21023384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
21033384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
21043384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
21053384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
21063384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21073384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
21093384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
21103384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
21113384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21123384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21133384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
21143384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21153384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21163384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21173384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21183384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21193384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21203384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll'
21213384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21223384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21233384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
21243384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21253384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21263384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
21273384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21283384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21293384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
21303384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21313384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21323384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
21333384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a14 pwszName=\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
21343384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
21353384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
21363384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D9F6A1B151CF57E6DCA07996124AC68D7674C81
21373384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21383384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
21393384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21403384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21413384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-InputService-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
21423384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21433384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
21443384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21453384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21463384.3140: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
21473384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
21483384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90c60000 'C:\WINDOWS\System32\OLEAUT32.DLL'
21503384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
21513384.3140: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21523384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93050000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
21533384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
21543384.3140: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93050000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
21563384.3140: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21573384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21583384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
21593384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21603384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa928f0000 'api-ms-win-core-com-l1-1-1.dll'
21613384.3140: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21623384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21633384.3140: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21643384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21653384.3140: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
21663384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
21673384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
21683384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21693384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90990000 'C:\WINDOWS\System32\MSCTF.dll'
21703384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
21713384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21723384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa92360000 'C:\WINDOWS\System32\ole32.dll'
21733384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
21743384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21753384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90c60000 'C:\WINDOWS\System32\OLEAUT32.dll'
21763384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b54 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
21773384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
21783384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
21793384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
21803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21813384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21823384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
21833384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21843384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21853384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
21863384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
21873384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
21883384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
21893384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21903384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21913384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
21923384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
21933384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
21943384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
21953384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
21963384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
21973384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
21983384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21993384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22003384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
22013384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
22023384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
22033384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
22043384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22053384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22063384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22073384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22083384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22093384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22103384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22113384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
22123384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
22133384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
22143384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
22153384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22163384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22173384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22183384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
22193384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
22203384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8afa0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
22213384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
22223384.3140: supR3HardenedDllNotificationCallback: load 00007ffa8b030000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
22233384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
22243384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
22253384.3140: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22263384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
22273384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8b030000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
22283384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
22293384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
22303384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
22313384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
22323384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
22333384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
22343384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
22353384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22363384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22373384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
22383384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
22393384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
22403384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22413384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22423384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22433384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22443384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
22453384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22463384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
22473384.3140: supR3HardenedDllNotificationCallback: load 00007ffa87fa0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
22483384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
22493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87fa0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
22503384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
22513384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22523384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-localization-l1-2-0.dll'
22533384.3140: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
22543384.3140: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
22553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa902b0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
22563384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b80 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
22573384.3140: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
22583384.3140: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
22593384.3140: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
22603384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
22613384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
22623384.3140: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
22633384.3140: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22643384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22653384.3140: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
22663384.3140: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
22673384.3140: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
22683384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22693384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22703384.3140: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
22713384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22723384.3140: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22733384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22743384.3140: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
22753384.3140: supR3HardenedDllNotificationCallback: load 00007ffa88610000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
22763384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
22773384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa88610000 'C:\WINDOWS\system32\wbem\fastprox.dll'
22783384.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
22793384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22803384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
22813384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22823384.37ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
22833384.37ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22843384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22853384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22863384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
22873384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
22883384.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
22893384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
22903384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22913384.37ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22923384.37ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
22933384.37ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
22943384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22953384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22963384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22973384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22983384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22993384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23003384.37ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23013384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23023384.37ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23033384.37ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23043384.37ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23053384.37ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
23063384.37ac: supR3HardenedDllNotificationCallback: load 0000000054890000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
23073384.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
23083384.37ac: supR3HardenedDllNotificationCallback: load 00007ffa51a70000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
23093384.37ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23103384.37ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51a70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
23113384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23123384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c3c pwszName=\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
23133384.2490: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
23143384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
23153384.2490: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1E5A9ACAE97AEA2587277AEA0A8C325D8569A5A4
23163384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23173384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
23183384.2490: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll'
23193384.2490: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23203384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
23213384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
23223384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'oleaut32.dll'.
23233384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'ws2_32.dll'.
23243384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'netsetupapi.dll'.
23253384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'setupapi.dll'.
23263384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll) WinVerifyTrust
23273384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
23283384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23293384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23303384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23313384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
23323384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23333384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
23343384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
23353384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
23363384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23373384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
23383384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
23393384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23403384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23413384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23423384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23433384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23443384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23453384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23463384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23473384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
23483384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23493384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
23503384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll) WinVerifyTrust
23513384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
23523384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23533384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23543384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
23553384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23563384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23573384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23583384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23593384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23603384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23613384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
23623384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23633384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23643384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23653384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23663384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
23673384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
23683384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
23693384.2490: supR3HardenedDllNotificationCallback: load 00007ffa82150000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
23703384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupApi.dll
23713384.2490: supR3HardenedDllNotificationCallback: load 00007ffa924b0000 LB 0x0043b000 C:\WINDOWS\System32\setupapi.dll [fFlags=0x0]
23723384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
23733384.2490: supR3HardenedDllNotificationCallback: load 00007ffa80d30000 LB 0x0007b000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
23743384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupShim.dll
23753384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa80d30000 'C:\Windows\System32\NetSetupShim.dll'
23763384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23773384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
23783384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23793384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
23803384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
23813384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winnsi.dll'.
23823384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
23833384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
23843384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
23853384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23863384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
23873384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
23883384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
23893384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
23903384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll) WinVerifyTrust
23913384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
23923384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23933384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23943384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23953384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23963384.2490: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
23973384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
23983384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
23993384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24003384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24013384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24023384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
24033384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll) WinVerifyTrust
24043384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24053384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24063384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24073384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24083384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24093384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
24103384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
24113384.2490: supR3HardenedDllNotificationCallback: load 00007ffa931a0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
24123384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
24133384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8a470000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24143384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll
24153384.2490: supR3HardenedDllNotificationCallback: load 00007ffa4faa0000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
24163384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\NetSetupEngine.dll
24173384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4faa0000 'C:\Windows\System32\NetSetupEngine.dll'
24183384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24193384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
24203384.2490: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
24213384.2490: supR3HardenedDllNotificationCallback: Unload 00007ffa4faa0000 LB 0x000be000 C:\Windows\System32\NetSetupEngine.dll [flags=0x0]
24223384.2490: supR3HardenedDllNotificationCallback: Unload 00007ffa8a470000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [flags=0x0]
24233384.2490: supR3HardenedDllNotificationCallback: Unload 00007ffa931a0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [flags=0x0]
24243384.35f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24253384.35f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24263384.35f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24273384.35f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24283384.35f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24293384.35f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
24303384.35f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24313384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24323384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24333384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24343384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24353384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24363384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24373384.35f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24383384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24393384.35f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24403384.35f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24413384.35f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24423384.35f8: supR3HardenedDllNotificationCallback: load 00007ffa87e80000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
24433384.35f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
24443384.35f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa87e80000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
24453384.35f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa93050000 'C:\WINDOWS\system32\User32.dll'
24463384.1120: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24473384.1120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24483384.1120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24493384.1120: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24503384.1120: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
24513384.1120: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24523384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24533384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24543384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24553384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24563384.1120: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
24573384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24583384.1120: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24593384.1120: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24603384.1120: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24613384.1120: supR3HardenedDllNotificationCallback: load 00007ffa7c8f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
24623384.1120: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24633384.1120: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c8f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
24643384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24653384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24663384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
24673384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24683384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
24693384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
24703384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
24713384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
24723384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
24733384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
24743384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
24753384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24763384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24773384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24783384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24793384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24803384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24813384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
24823384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
24833384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
24843384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24853384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
24863384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24873384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24883384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
24893384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
24903384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
24913384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
24923384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24933384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24943384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24953384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24963384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24973384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
24983384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
24993384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25003384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25013384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25023384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25033384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25043384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25053384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25063384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25073384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
25083384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
25093384.287c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
25103384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25113384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25123384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
25133384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
25143384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
25153384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
25163384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25173384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25183384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25193384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25203384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
25213384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25223384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25233384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
25243384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25253384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25263384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25273384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25283384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
25293384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
25303384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25313384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25323384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
25333384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
25343384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
25353384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25363384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25373384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25383384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25393384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
25403384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25413384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25423384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
25433384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25443384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25453384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25463384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25473384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25483384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
25493384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
25503384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
25513384.287c: supR3HardenedDllNotificationCallback: load 00007ffa64af0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
25523384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
25533384.287c: supR3HardenedDllNotificationCallback: load 00007ffa60010000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
25543384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
25553384.287c: supR3HardenedDllNotificationCallback: load 00007ffa4fa50000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
25563384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
25573384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fa50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
25583384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
25593384.287c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
25603384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
25613384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25623384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa60010000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
25633384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
25643384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25653384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
25663384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
25673384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
25683384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
25693384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
25703384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
25713384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25723384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25733384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25743384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
25753384.287c: supR3HardenedDllNotificationCallback: load 00007ffa6f780000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
25763384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
25773384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6f780000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
25783384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
25793384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25803384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\system32/opengl32.dll'
25813384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
25823384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25833384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
25843384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90e10000 'C:\WINDOWS\System32\gdi32.dll'
25853384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
25863384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
25873384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
25883384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'igdusc64.dll'.
25893384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25903384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
25913384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
25923384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
25933384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'.
25943384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
25953384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ig75icd64.dll) WinVerifyTrust
25963384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ig75icd64.dll
25973384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
25983384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
25993384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
26003384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
26013384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
26023384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26033384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
26043384.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26053384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll) WinVerifyTrust
26063384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
26073384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26083384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26093384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26103384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26113384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26123384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26133384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26143384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26153384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdusc64.dll'...
26163384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdusc64.dll' -> '\Device\HarddiskVolume4\Windows\System32\igdusc64.dll' [rcNtRedir=0xc0150008]
26173384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26183384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26193384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26203384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
26213384.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\igdusc64.dll) WinVerifyTrust
26223384.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
26233384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
26243384.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
26253384.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
26263384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ig75icd64.dll (Input=ig75icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26273384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ig75icd64.dll
26283384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
26293384.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
26303384.287c: supR3HardenedDllNotificationCallback: load 00007ffa891d0000 LB 0x00a40000 C:\WINDOWS\SYSTEM32\igdusc64.dll [fFlags=0x0]
26313384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\igdusc64.dll
26323384.287c: supR3HardenedDllNotificationCallback: load 00007ffa8c290000 LB 0x00013000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
26333384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
26343384.287c: supR3HardenedDllNotificationCallback: load 00007ffa43c90000 LB 0x00b48000 C:\WINDOWS\System32\ig75icd64.dll [fFlags=0x0]
26353384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ig75icd64.dll
26363384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa43c90000 'C:\WINDOWS\System32\ig75icd64.dll'
26373384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90e10000 'C:\WINDOWS\System32\gdi32.dll'
26383384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
26393384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26403384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26413384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26423384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26433384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26443384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26453384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26463384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26473384.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
26483384.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26493384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa83160000 'C:\WINDOWS\System32\version.dll'
26503384.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
26513384.370c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ig75icd64.dll
26523384.370c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\SYSTEM32\ig75icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
26533384.370c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa43c90000 'C:\WINDOWS\SYSTEM32\ig75icd64.dll'
26543384.23d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26553384.23d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26563384.23d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26573384.23d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26583384.23d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
26593384.23d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26603384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26613384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26623384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26633384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26643384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26653384.23d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26663384.23d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26673384.23d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26683384.23d4: supR3HardenedDllNotificationCallback: load 00007ffa7c8b0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
26693384.23d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
26703384.23d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
26713384.2c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26723384.2c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26733384.2c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
26743384.2c38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26753384.2c38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
26763384.2c38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26773384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26783384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26793384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
26803384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
26813384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26823384.2c38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26833384.2c38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26843384.2c38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26853384.2c38: supR3HardenedDllNotificationCallback: load 00007ffa7c640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
26863384.2c38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
26873384.2c38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c640000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
26883384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90f10000 'C:\WINDOWS\system32\Shell32.dll'
26893384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26903384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
26913384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26923384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26933384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26943384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
26953384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
26963384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26973384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26983384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
26993384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
27003384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
27013384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
27023384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
27033384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
27043384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
27053384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27063384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
27073384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
27083384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
27093384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27103384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27113384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27123384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27133384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
27143384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27153384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27163384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
27173384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27183384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27193384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
27203384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
27213384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27223384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27233384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27243384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
27253384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27263384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
27273384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
27283384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27293384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27303384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27313384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27323384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27333384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27343384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27353384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27363384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
27373384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
27383384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
27393384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27403384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27413384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27423384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27433384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27443384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27453384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27463384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27473384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27483384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27493384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27503384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27513384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
27523384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27533384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27543384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27553384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27563384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27573384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27583384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27593384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
27603384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27613384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27623384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
27633384.2490: supR3HardenedDllNotificationCallback: load 00007ffa5cdf0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
27643384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
27653384.2490: supR3HardenedDllNotificationCallback: load 00007ffa5c9f0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
27663384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27673384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8ec70000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
27683384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
27693384.2490: supR3HardenedDllNotificationCallback: load 00007ffa510b0000 LB 0x009b1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
27703384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
27713384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
27723384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27733384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
27743384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27753384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51d30000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
27763384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27773384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
27783384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27793384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa5c9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
27803384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27813384.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
27823384.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27833384.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27843384.14f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27853384.14f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
27863384.14f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27873384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27883384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27893384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27903384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27913384.14f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27923384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27933384.14f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27943384.14f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27953384.14f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27963384.14f4: supR3HardenedDllNotificationCallback: load 00007ffa7c630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
27973384.14f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
27983384.14f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c630000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
27993384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28003384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28013384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51a70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28023384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc8 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
28033384.2490: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
28043384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
28053384.2490: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
28063384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28073384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28083384.2490: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
28093384.2490: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28103384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28113384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
28123384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
28133384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
28143384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28153384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28163384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
28173384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28183384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28193384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28203384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
28213384.2490: supR3HardenedDllNotificationCallback: load 00007ffa51020000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
28223384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
28233384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
28243384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28253384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51020000 'C:\WINDOWS\System32\dsound.dll'
28263384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51020000 'C:\WINDOWS\System32\dsound.dll'
28273384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
28283384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28293384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51020000 'C:\WINDOWS\system32\dsound.dll'
28303384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28313384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28323384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28333384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
28343384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
28353384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
28363384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
28373384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
28383384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
28393384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
28403384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28413384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28423384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28433384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
28443384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
28453384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
28463384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
28473384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
28483384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
28493384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28503384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28513384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28523384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28533384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28543384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28553384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28563384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28573384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
28583384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
28593384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
28603384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28613384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28623384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28633384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28643384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
28653384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
28663384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
28673384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28683384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28693384.2490: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
28703384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28713384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
28723384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
28733384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
28743384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8e080000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
28753384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
28763384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8c360000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
28773384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
28783384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8ac30000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
28793384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
28803384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ac30000 'C:\WINDOWS\System32\MMDevApi.dll'
28813384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
28823384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28833384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ac30000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
28843384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
28853384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28863384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\System32\winmm.dll'
28873384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c80 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
28883384.2490: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
28893384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
28903384.2490: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
28913384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
28923384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
28933384.2490: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_935_for_KB4025342~31bf3856ad364e35~amd64~~10.0.1.13.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
28943384.2490: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28953384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28963384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
28973384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
28983384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
28993384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
29003384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29013384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
29023384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
29033384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29043384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29053384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
29063384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
29073384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
29083384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
29093384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29103384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29113384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29123384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
29133384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
29143384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29153384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29163384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
29173384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29183384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29193384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29203384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29213384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29223384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29233384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
29243384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
29253384.2490: supR3HardenedDllNotificationCallback: load 00007ffa7c620000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
29263384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
29273384.2490: supR3HardenedDllNotificationCallback: load 00007ffa8a9b0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
29283384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
29293384.2490: supR3HardenedDllNotificationCallback: load 00007ffa50fd0000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
29303384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29313384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50fd0000 'C:\WINDOWS\System32\wdmaud.drv'
29323384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29333384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29343384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50fd0000 'C:\WINDOWS\System32\wdmaud.drv'
29353384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29363384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29373384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50fd0000 'C:\WINDOWS\System32\wdmaud.drv'
29383384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29393384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29403384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50fd0000 'C:\WINDOWS\System32\wdmaud.drv'
29413384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
29423384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
29433384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50fd0000 'C:\WINDOWS\System32\wdmaud.drv'
29443384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29453384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29463384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
29473384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
29483384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
29493384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
29503384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
29513384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
29523384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
29533384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
29543384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
29553384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
29563384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29573384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29583384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
29593384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29603384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29613384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29623384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29633384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
29643384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
29653384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
29663384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29673384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
29683384.2490: supR3HardenedDllNotificationCallback: load 00007ffa882a0000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
29693384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
29703384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa882a0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
29713384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c84 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
29723384.2490: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
29733384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
29743384.2490: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
29753384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29763384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29773384.2490: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
29783384.2490: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29793384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29803384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
29813384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
29823384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
29833384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
29843384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
29853384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
29863384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
29873384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
29883384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29893384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29903384.2490: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
29913384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29923384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29933384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
29943384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
29953384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29963384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
29973384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
29983384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29993384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
30003384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
30013384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30023384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30033384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30043384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30053384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30063384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30073384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
30083384.2490: supR3HardenedDllNotificationCallback: load 00007ffa62770000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
30093384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
30103384.2490: supR3HardenedDllNotificationCallback: load 00007ffa7c3a0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
30113384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30123384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30133384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30143384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30153384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30163384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30173384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30183384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30193384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30203384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30213384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30223384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30233384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30243384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30253384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30263384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30273384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30283384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
30293384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30303384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30313384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30323384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30333384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa7c3a0000 'C:\WINDOWS\System32\msacm32.drv'
30343384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000106c pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
30353384.2490: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000011e7c20
30363384.2490: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000011e7c20
30373384.2490: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
30383384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8eaf0000 'C:\WINDOWS\system32\rsaenh.dll'
30393384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa90070000 'C:\WINDOWS\System32\crypt32.dll'
30403384.2490: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
30413384.2490: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30423384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30433384.2490: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
30443384.2490: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
30453384.2490: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
30463384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30473384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30483384.2490: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
30493384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30503384.2490: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30513384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30523384.2490: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
30533384.2490: supR3HardenedDllNotificationCallback: load 00007ffa779c0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
30543384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
30553384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa779c0000 'C:\WINDOWS\System32\midimap.dll'
30563384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
30573384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30583384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa779c0000 'C:\WINDOWS\System32\midimap.dll'
30593384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
30603384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30613384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa779c0000 'C:\WINDOWS\System32\midimap.dll'
30623384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
30633384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
30643384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa779c0000 'C:\WINDOWS\System32\midimap.dll'
30653384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\System32\winmm.dll'
30663384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
30673384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30683384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51020000 'C:\WINDOWS\system32\dsound.dll'
30693384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\System32\winmm.dll'
30703384.2490: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
30713384.2490: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30723384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51020000 'C:\WINDOWS\system32\dsound.dll'
30733384.2490: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8da00000 'C:\WINDOWS\System32\winmm.dll'
30743384.864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
30753384.864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30763384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30773384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30783384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30793384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30803384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30813384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30823384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30833384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30843384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30853384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
30863384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30873384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8c760000 'C:\WINDOWS\system32\dwmapi.dll'
30883384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\opengl32.dll'
30893384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30903384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30913384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30923384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30933384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30943384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30953384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
30963384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30973384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30983384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
30993384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31003384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31013384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31023384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31033384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31043384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31053384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31063384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31073384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31083384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31093384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31103384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31113384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31123384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31133384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31143384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31153384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31163384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31173384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31183384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31193384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31203384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31213384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31223384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31233384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31243384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31253384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31263384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31273384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31283384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31293384.3140: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
31303384.3140: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31313384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31323384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31333384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31343384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31353384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31363384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31373384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31383384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31393384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31403384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31413384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31423384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31433384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31443384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31453384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31463384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31473384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31483384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31493384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31503384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31513384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31523384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31533384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31543384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31553384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31563384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31573384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31583384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31593384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31603384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31613384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31623384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31633384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31643384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31653384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31663384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31673384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31683384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31693384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31703384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31713384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31723384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31733384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31743384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31753384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31763384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31773384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31783384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31793384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31803384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31813384.3140: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31823384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31833384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31843384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31853384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31863384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31873384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31883384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31893384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31903384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31913384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31923384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31933384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31943384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31953384.864: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
31963384.864: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31973384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31983384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
31993384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32003384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32013384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32023384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32033384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32043384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32053384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32063384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32073384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32083384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32093384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32103384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32113384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32123384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32133384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32143384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32153384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32163384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6b130000 'C:\WINDOWS\System32\OPENGL32.dll'
32173384.864: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
32183384.864: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32193384.864: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa907b0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
322022c8.b98: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 35355 ms, the end);
32213684.1b58: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 35844 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy