VirtualBox

Ticket #16766: VBoxHardening.log

File VBoxHardening.log, 349.2 KB (added by oso, 7 years ago)
Line 
1ba0.ca8: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
2ba0.ca8: \SystemRoot\System32\ntdll.dll:
3ba0.ca8: CreationTime: 2016-05-11T09:21:17.752920600Z
4ba0.ca8: LastWriteTime: 2016-01-19T19:12:58.151193700Z
5ba0.ca8: ChangeTime: 2016-07-01T15:29:38.444310600Z
6ba0.ca8: FileAttributes: 0x20
7ba0.ca8: Size: 0x1a8180
8ba0.ca8: NT Headers: 0xd8
9ba0.ca8: Timestamp: 0x569e7d02
10ba0.ca8: Machine: 0x8664 - amd64
11ba0.ca8: Timestamp: 0x569e7d02
12ba0.ca8: Image Version: 6.3
13ba0.ca8: SizeOfImage: 0x1ad000 (1757184)
14ba0.ca8: Resource Dir: 0x149000 LB 0x624a0
15ba0.ca8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16ba0.ca8: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17ba0.ca8: ProductName: Microsoft® Windows® Operating System
18ba0.ca8: ProductVersion: 6.3.9600.18202
19ba0.ca8: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
20ba0.ca8: FileDescription: NT Layer DLL
21ba0.ca8: \SystemRoot\System32\kernel32.dll:
22ba0.ca8: CreationTime: 2014-11-21T09:15:43.975862900Z
23ba0.ca8: LastWriteTime: 2014-11-21T09:15:43.991490700Z
24ba0.ca8: ChangeTime: 2015-12-09T09:35:40.299417000Z
25ba0.ca8: FileAttributes: 0x20
26ba0.ca8: Size: 0x13fc30
27ba0.ca8: NT Headers: 0xf8
28ba0.ca8: Timestamp: 0x545054ca
29ba0.ca8: Machine: 0x8664 - amd64
30ba0.ca8: Timestamp: 0x545054ca
31ba0.ca8: Image Version: 6.3
32ba0.ca8: SizeOfImage: 0x13e000 (1302528)
33ba0.ca8: Resource Dir: 0x12e000 LB 0x518
34ba0.ca8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35ba0.ca8: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
36ba0.ca8: ProductName: Microsoft® Windows® Operating System
37ba0.ca8: ProductVersion: 6.3.9600.17415
38ba0.ca8: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
39ba0.ca8: FileDescription: Windows NT BASE API Client DLL
40ba0.ca8: \SystemRoot\System32\KernelBase.dll:
41ba0.ca8: CreationTime: 2016-05-11T09:21:18.221676100Z
42ba0.ca8: LastWriteTime: 2016-01-19T19:12:20.143460800Z
43ba0.ca8: ChangeTime: 2016-07-01T15:29:37.475548200Z
44ba0.ca8: FileAttributes: 0x20
45ba0.ca8: Size: 0x114cb0
46ba0.ca8: NT Headers: 0xf0
47ba0.ca8: Timestamp: 0x569e7eb1
48ba0.ca8: Machine: 0x8664 - amd64
49ba0.ca8: Timestamp: 0x569e7eb1
50ba0.ca8: Image Version: 6.3
51ba0.ca8: SizeOfImage: 0x115000 (1134592)
52ba0.ca8: Resource Dir: 0x110000 LB 0x3530
53ba0.ca8: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
54ba0.ca8: [Raw version resource data: 0x110120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55ba0.ca8: ProductName: Microsoft® Windows® Operating System
56ba0.ca8: ProductVersion: 6.3.9600.18202
57ba0.ca8: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
58ba0.ca8: FileDescription: Windows NT BASE API Client DLL
59ba0.ca8: \SystemRoot\System32\apisetschema.dll:
60ba0.ca8: CreationTime: 2013-08-22T12:13:09.745625900Z
61ba0.ca8: LastWriteTime: 2013-08-22T12:35:12.091034400Z
62ba0.ca8: ChangeTime: 2015-12-08T23:24:01.409895000Z
63ba0.ca8: FileAttributes: 0x20
64ba0.ca8: Size: 0x11360
65ba0.ca8: NT Headers: 0xd0
66ba0.ca8: Timestamp: 0x52160049
67ba0.ca8: Machine: 0x8664 - amd64
68ba0.ca8: Timestamp: 0x52160049
69ba0.ca8: Image Version: 6.3
70ba0.ca8: SizeOfImage: 0x13000 (77824)
71ba0.ca8: Resource Dir: 0x11000 LB 0x3f8
72ba0.ca8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73ba0.ca8: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
74ba0.ca8: ProductName: Microsoft® Windows® Operating System
75ba0.ca8: ProductVersion: 6.3.9600.16384
76ba0.ca8: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
77ba0.ca8: FileDescription: ApiSet Schema DLL
78ba0.ca8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79ba0.ca8: supR3HardenedWinFindAdversaries: 0x0
80ba0.ca8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
81ba0.ca8: Calling main()
82ba0.ca8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83ba0.ca8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
84ba0.ca8: SUPR3HardenedMain: Respawn #1
85ba0.ca8: System32: \Device\HarddiskVolume4\Windows\System32
86ba0.ca8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
87ba0.ca8: KnownDllPath: C:\Windows\system32
88ba0.ca8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
89ba0.ca8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
90ba0.ca8: supR3HardNtEnableThreadCreation:
91ba0.ca8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbfab88c80 pvNtTerminateThread=00007ffbfac00be0
92ba0.ca8: supR3HardenedWinDoReSpawn(1): New child 998.160 [kernel32].
93ba0.ca8: supR3HardNtChildGatherData: PebBaseAddress=00007ff7c8399000 cbPeb=0x388
94ba0.ca8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbfab70000 uNtDllChildAddr=00007ffbfab70000
95ba0.ca8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbfab88c80
96ba0.ca8: supR3HardenedWinSetupChildInit: Start child.
97ba0.ca8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
98ba0.ca8: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 15 sleeps
99ba0.ca8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100ba0.ca8: *0000000000000000-0000000000f1ffff 0x0001/0x0000 0x0000000
101ba0.ca8: *0000000000f20000-0000000000f3ffff 0x0004/0x0004 0x0020000
102ba0.ca8: *0000000000f40000-0000000000f4efff 0x0002/0x0002 0x0040000
103ba0.ca8: 0000000000f4f000-0000000000f4ffff 0x0001/0x0000 0x0000000
104ba0.ca8: *0000000000f50000-000000000104afff 0x0000/0x0004 0x0020000
105ba0.ca8: 000000000104b000-000000000104dfff 0x0104/0x0004 0x0020000
106ba0.ca8: 000000000104e000-000000000104ffff 0x0004/0x0004 0x0020000
107ba0.ca8: *0000000001050000-0000000001053fff 0x0002/0x0002 0x0040000
108ba0.ca8: 0000000001054000-000000000105ffff 0x0001/0x0000 0x0000000
109ba0.ca8: *0000000001060000-0000000001061fff 0x0004/0x0004 0x0020000
110ba0.ca8: 0000000001062000-000000007ffdffff 0x0001/0x0000 0x0000000
111ba0.ca8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
112ba0.ca8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
113ba0.ca8: 000000007fff0000-00007ff7c836ffff 0x0001/0x0000 0x0000000
114ba0.ca8: *00007ff7c8370000-00007ff7c8392fff 0x0002/0x0002 0x0040000
115ba0.ca8: 00007ff7c8393000-00007ff7c8398fff 0x0001/0x0000 0x0000000
116ba0.ca8: *00007ff7c8399000-00007ff7c8399fff 0x0004/0x0004 0x0020000
117ba0.ca8: 00007ff7c839a000-00007ff7c839dfff 0x0001/0x0000 0x0000000
118ba0.ca8: *00007ff7c839e000-00007ff7c839ffff 0x0004/0x0004 0x0020000
119ba0.ca8: 00007ff7c83a0000-00007ff7c92bffff 0x0001/0x0000 0x0000000
120ba0.ca8: *00007ff7c92c0000-00007ff7c92c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
121ba0.ca8: 00007ff7c92c1000-00007ff7c9330fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
122ba0.ca8: 00007ff7c9331000-00007ff7c9331fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
123ba0.ca8: 00007ff7c9332000-00007ff7c9376fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
124ba0.ca8: 00007ff7c9377000-00007ff7c9377fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
125ba0.ca8: 00007ff7c9378000-00007ff7c9378fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
126ba0.ca8: 00007ff7c9379000-00007ff7c937dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
127ba0.ca8: 00007ff7c937e000-00007ff7c937efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
128ba0.ca8: 00007ff7c937f000-00007ff7c937ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
129ba0.ca8: 00007ff7c9380000-00007ff7c9383fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
130ba0.ca8: 00007ff7c9384000-00007ff7c93cbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
131ba0.ca8: 00007ff7c93cc000-00007ffbfab6ffff 0x0001/0x0000 0x0000000
132ba0.ca8: *00007ffbfab70000-00007ffbfab70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
133ba0.ca8: 00007ffbfab71000-00007ffbfac9dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
134ba0.ca8: 00007ffbfac9e000-00007ffbfaca3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
135ba0.ca8: 00007ffbfaca4000-00007ffbfacb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
136ba0.ca8: 00007ffbfacb1000-00007ffbfacb1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
137ba0.ca8: 00007ffbfacb2000-00007ffbfacb4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
138ba0.ca8: 00007ffbfacb5000-00007ffbfacb5fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
139ba0.ca8: 00007ffbfacb6000-00007ffbfad1cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
140ba0.ca8: 00007ffbfad1d000-00007ffffffdffff 0x0001/0x0000 0x0000000
141ba0.ca8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
142ba0.ca8: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
143ba0.ca8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
144ba0.ca8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
145ba0.ca8: supR3HardNtChildPurify: Done after 375 ms and 0 fixes (loop #0).
146998.160: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
147998.160: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbfab70000 g_uNtVerCombined=0x63258000
148998.160: ntdll.dll: timestamp 0x569e7d02 (rc=VINF_SUCCESS)
149998.160: New simple heap: #1 0000000001170000 LB 0x400000 (for 1757184 allocation)
150998.160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
151998.160: System32: \Device\HarddiskVolume4\Windows\System32
152998.160: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
153998.160: KnownDllPath: C:\Windows\system32
154998.160: supR3HardenedVmProcessInit: Opening vboxdrv stub...
155ba0.ca8: supR3HardNtEnableThreadCreation:
156998.160: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
157998.160: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
158998.160: Registered Dll notification callback with NTDLL.
159998.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
160998.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
161998.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
162998.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
163998.160: supR3HardenedDllNotificationCallback: load 00007ffbf8020000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
164998.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
165998.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
166998.160: supR3HardenedDllNotificationCallback: load 00007ffbf9f90000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
167998.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
168998.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\KERNEL32.DLL'
169998.160: supR3HardenedDllNotificationCallback: load 00007ff7c92c0000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
170998.160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
171998.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
172998.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
173ba0.ca8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 237 ms.
174998.160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbfab88c80 pvNtTerminateThread=00007ffbfac00be0
175998.160: \SystemRoot\System32\ntdll.dll:
176998.160: CreationTime: 2016-05-11T09:21:17.752920600Z
177998.160: LastWriteTime: 2016-01-19T19:12:58.151193700Z
178998.160: ChangeTime: 2016-07-01T15:29:38.444310600Z
179998.160: FileAttributes: 0x20
180998.160: Size: 0x1a8180
181998.160: NT Headers: 0xd8
182998.160: Timestamp: 0x569e7d02
183998.160: Machine: 0x8664 - amd64
184998.160: Timestamp: 0x569e7d02
185998.160: Image Version: 6.3
186998.160: SizeOfImage: 0x1ad000 (1757184)
187998.160: Resource Dir: 0x149000 LB 0x624a0
188998.160: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
189998.160: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
190998.160: ProductName: Microsoft® Windows® Operating System
191998.160: ProductVersion: 6.3.9600.18202
192998.160: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
193998.160: FileDescription: NT Layer DLL
194998.160: \SystemRoot\System32\kernel32.dll:
195998.160: CreationTime: 2014-11-21T09:15:43.975862900Z
196998.160: LastWriteTime: 2014-11-21T09:15:43.991490700Z
197998.160: ChangeTime: 2015-12-09T09:35:40.299417000Z
198998.160: FileAttributes: 0x20
199998.160: Size: 0x13fc30
200998.160: NT Headers: 0xf8
201998.160: Timestamp: 0x545054ca
202998.160: Machine: 0x8664 - amd64
203998.160: Timestamp: 0x545054ca
204998.160: Image Version: 6.3
205998.160: SizeOfImage: 0x13e000 (1302528)
206998.160: Resource Dir: 0x12e000 LB 0x518
207998.160: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
208998.160: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
209998.160: ProductName: Microsoft® Windows® Operating System
210998.160: ProductVersion: 6.3.9600.17415
211998.160: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
212998.160: FileDescription: Windows NT BASE API Client DLL
213998.160: \SystemRoot\System32\KernelBase.dll:
214998.160: CreationTime: 2016-05-11T09:21:18.221676100Z
215998.160: LastWriteTime: 2016-01-19T19:12:20.143460800Z
216998.160: ChangeTime: 2016-07-01T15:29:37.475548200Z
217998.160: FileAttributes: 0x20
218998.160: Size: 0x114cb0
219998.160: NT Headers: 0xf0
220998.160: Timestamp: 0x569e7eb1
221998.160: Machine: 0x8664 - amd64
222998.160: Timestamp: 0x569e7eb1
223998.160: Image Version: 6.3
224998.160: SizeOfImage: 0x115000 (1134592)
225998.160: Resource Dir: 0x110000 LB 0x3530
226998.160: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
227998.160: [Raw version resource data: 0x110120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
228998.160: ProductName: Microsoft® Windows® Operating System
229998.160: ProductVersion: 6.3.9600.18202
230998.160: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
231998.160: FileDescription: Windows NT BASE API Client DLL
232998.160: \SystemRoot\System32\apisetschema.dll:
233998.160: CreationTime: 2013-08-22T12:13:09.745625900Z
234998.160: LastWriteTime: 2013-08-22T12:35:12.091034400Z
235998.160: ChangeTime: 2015-12-08T23:24:01.409895000Z
236998.160: FileAttributes: 0x20
237998.160: Size: 0x11360
238998.160: NT Headers: 0xd0
239998.160: Timestamp: 0x52160049
240998.160: Machine: 0x8664 - amd64
241998.160: Timestamp: 0x52160049
242998.160: Image Version: 6.3
243998.160: SizeOfImage: 0x13000 (77824)
244998.160: Resource Dir: 0x11000 LB 0x3f8
245998.160: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
246998.160: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
247998.160: ProductName: Microsoft® Windows® Operating System
248998.160: ProductVersion: 6.3.9600.16384
249998.160: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
250998.160: FileDescription: ApiSet Schema DLL
251998.160: NtOpenDirectoryObject failed on \Driver: 0xc0000022
252998.160: supR3HardenedWinFindAdversaries: 0x0
253998.160: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
254998.160: Calling main()
255998.160: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
256998.160: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
257998.160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
258998.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
259998.160: SUPR3HardenedMain: Respawn #2
260998.160: supR3HardNtEnableThreadCreation:
261998.160: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbfab88c80 pvNtTerminateThread=00007ffbfac00be0
262998.160: supR3HardenedWinDoReSpawn(2): New child c78.9f0 [kernel32].
263998.160: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
264998.160: supR3HardNtChildGatherData: PebBaseAddress=00007ff7c863b000 cbPeb=0x388
265998.160: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbfab70000 uNtDllChildAddr=00007ffbfab70000
266998.160: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbfab88c80
267998.160: supR3HardenedWinSetupChildInit: Start child.
268998.160: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
269998.160: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 17 sleeps
270998.160: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
271998.160: *0000000000000000-0000000000d9ffff 0x0001/0x0000 0x0000000
272998.160: *0000000000da0000-0000000000dbffff 0x0004/0x0004 0x0020000
273998.160: *0000000000dc0000-0000000000dcefff 0x0002/0x0002 0x0040000
274998.160: 0000000000dcf000-0000000000dcffff 0x0001/0x0000 0x0000000
275998.160: *0000000000dd0000-0000000000ecafff 0x0000/0x0004 0x0020000
276998.160: 0000000000ecb000-0000000000ecdfff 0x0104/0x0004 0x0020000
277998.160: 0000000000ece000-0000000000ecffff 0x0004/0x0004 0x0020000
278998.160: *0000000000ed0000-0000000000ed3fff 0x0002/0x0002 0x0040000
279998.160: 0000000000ed4000-0000000000edffff 0x0001/0x0000 0x0000000
280998.160: *0000000000ee0000-0000000000ee1fff 0x0004/0x0004 0x0020000
281998.160: 0000000000ee2000-000000007ffdffff 0x0001/0x0000 0x0000000
282998.160: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
283998.160: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
284998.160: 000000007fff0000-00007ff7c860ffff 0x0001/0x0000 0x0000000
285998.160: *00007ff7c8610000-00007ff7c8632fff 0x0002/0x0002 0x0040000
286998.160: 00007ff7c8633000-00007ff7c863afff 0x0001/0x0000 0x0000000
287998.160: *00007ff7c863b000-00007ff7c863bfff 0x0004/0x0004 0x0020000
288998.160: 00007ff7c863c000-00007ff7c863dfff 0x0001/0x0000 0x0000000
289998.160: *00007ff7c863e000-00007ff7c863ffff 0x0004/0x0004 0x0020000
290998.160: 00007ff7c8640000-00007ff7c92bffff 0x0001/0x0000 0x0000000
291998.160: *00007ff7c92c0000-00007ff7c92c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
292998.160: 00007ff7c92c1000-00007ff7c9330fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
293998.160: 00007ff7c9331000-00007ff7c9331fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
294998.160: 00007ff7c9332000-00007ff7c9376fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
295998.160: 00007ff7c9377000-00007ff7c9377fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
296998.160: 00007ff7c9378000-00007ff7c9378fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
297998.160: 00007ff7c9379000-00007ff7c937dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
298998.160: 00007ff7c937e000-00007ff7c937efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
299998.160: 00007ff7c937f000-00007ff7c937ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
300998.160: 00007ff7c9380000-00007ff7c9383fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
301998.160: 00007ff7c9384000-00007ff7c93cbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
302998.160: 00007ff7c93cc000-00007ffbfab6ffff 0x0001/0x0000 0x0000000
303998.160: *00007ffbfab70000-00007ffbfab70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
304998.160: 00007ffbfab71000-00007ffbfac9dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
305998.160: 00007ffbfac9e000-00007ffbfaca3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
306998.160: 00007ffbfaca4000-00007ffbfacb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
307998.160: 00007ffbfacb1000-00007ffbfacb1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
308998.160: 00007ffbfacb2000-00007ffbfacb4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
309998.160: 00007ffbfacb5000-00007ffbfacb5fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
310998.160: 00007ffbfacb6000-00007ffbfad1cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
311998.160: 00007ffbfad1d000-00007ffffffdffff 0x0001/0x0000 0x0000000
312998.160: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
313998.160: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
314998.160: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
315998.160: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
316998.160: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
317c78.9f0: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
318c78.9f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbfab70000 g_uNtVerCombined=0x63258000
319c78.9f0: ntdll.dll: timestamp 0x569e7d02 (rc=VINF_SUCCESS)
320c78.9f0: New simple heap: #1 0000000000ff0000 LB 0x400000 (for 1757184 allocation)
321998.160: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001170000 LB 0x400000)
322998.160: supR3HardNtEnableThreadCreation:
323c78.9f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
324c78.9f0: System32: \Device\HarddiskVolume4\Windows\System32
325c78.9f0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
326c78.9f0: KnownDllPath: C:\Windows\system32
327c78.9f0: supR3HardenedVmProcessInit: Opening vboxdrv...
328c78.9f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
329c78.9f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
330c78.9f0: Registered Dll notification callback with NTDLL.
331c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
332c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
333c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
334c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
335c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8020000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
336c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
337c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
338c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9f90000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
339c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
340c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\KERNEL32.DLL'
341c78.9f0: supR3HardenedDllNotificationCallback: load 00007ff7c92c0000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
342c78.9f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
343c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
344c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
345c78.9f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbfab88c80 pvNtTerminateThread=00007ffbfac00be0
346998.160: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 157 ms.
347c78.9f0: \SystemRoot\System32\ntdll.dll:
348c78.9f0: CreationTime: 2016-05-11T09:21:17.752920600Z
349c78.9f0: LastWriteTime: 2016-01-19T19:12:58.151193700Z
350c78.9f0: ChangeTime: 2016-07-01T15:29:38.444310600Z
351c78.9f0: FileAttributes: 0x20
352c78.9f0: Size: 0x1a8180
353c78.9f0: NT Headers: 0xd8
354c78.9f0: Timestamp: 0x569e7d02
355c78.9f0: Machine: 0x8664 - amd64
356c78.9f0: Timestamp: 0x569e7d02
357c78.9f0: Image Version: 6.3
358c78.9f0: SizeOfImage: 0x1ad000 (1757184)
359c78.9f0: Resource Dir: 0x149000 LB 0x624a0
360c78.9f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
361c78.9f0: [Raw version resource data: 0x1490f0 LB 0x380, codepage 0x0 (reserved 0x0)]
362c78.9f0: ProductName: Microsoft® Windows® Operating System
363c78.9f0: ProductVersion: 6.3.9600.18202
364c78.9f0: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
365c78.9f0: FileDescription: NT Layer DLL
366c78.9f0: \SystemRoot\System32\kernel32.dll:
367c78.9f0: CreationTime: 2014-11-21T09:15:43.975862900Z
368c78.9f0: LastWriteTime: 2014-11-21T09:15:43.991490700Z
369c78.9f0: ChangeTime: 2015-12-09T09:35:40.299417000Z
370c78.9f0: FileAttributes: 0x20
371c78.9f0: Size: 0x13fc30
372c78.9f0: NT Headers: 0xf8
373c78.9f0: Timestamp: 0x545054ca
374c78.9f0: Machine: 0x8664 - amd64
375c78.9f0: Timestamp: 0x545054ca
376c78.9f0: Image Version: 6.3
377c78.9f0: SizeOfImage: 0x13e000 (1302528)
378c78.9f0: Resource Dir: 0x12e000 LB 0x518
379c78.9f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
380c78.9f0: [Raw version resource data: 0x12e0b0 LB 0x3a0, codepage 0x0 (reserved 0x0)]
381c78.9f0: ProductName: Microsoft® Windows® Operating System
382c78.9f0: ProductVersion: 6.3.9600.17415
383c78.9f0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
384c78.9f0: FileDescription: Windows NT BASE API Client DLL
385c78.9f0: \SystemRoot\System32\KernelBase.dll:
386c78.9f0: CreationTime: 2016-05-11T09:21:18.221676100Z
387c78.9f0: LastWriteTime: 2016-01-19T19:12:20.143460800Z
388c78.9f0: ChangeTime: 2016-07-01T15:29:37.475548200Z
389c78.9f0: FileAttributes: 0x20
390c78.9f0: Size: 0x114cb0
391c78.9f0: NT Headers: 0xf0
392c78.9f0: Timestamp: 0x569e7eb1
393c78.9f0: Machine: 0x8664 - amd64
394c78.9f0: Timestamp: 0x569e7eb1
395c78.9f0: Image Version: 6.3
396c78.9f0: SizeOfImage: 0x115000 (1134592)
397c78.9f0: Resource Dir: 0x110000 LB 0x3530
398c78.9f0: [Version info resource found at 0x108! (ID/Name: 0x1; SubID/SubName: 0x409)]
399c78.9f0: [Raw version resource data: 0x110120 LB 0x3bc, codepage 0x0 (reserved 0x0)]
400c78.9f0: ProductName: Microsoft® Windows® Operating System
401c78.9f0: ProductVersion: 6.3.9600.18202
402c78.9f0: FileVersion: 6.3.9600.18202 (winblue_ltsb.160119-0600)
403c78.9f0: FileDescription: Windows NT BASE API Client DLL
404c78.9f0: \SystemRoot\System32\apisetschema.dll:
405c78.9f0: CreationTime: 2013-08-22T12:13:09.745625900Z
406c78.9f0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
407c78.9f0: ChangeTime: 2015-12-08T23:24:01.409895000Z
408c78.9f0: FileAttributes: 0x20
409c78.9f0: Size: 0x11360
410c78.9f0: NT Headers: 0xd0
411c78.9f0: Timestamp: 0x52160049
412c78.9f0: Machine: 0x8664 - amd64
413c78.9f0: Timestamp: 0x52160049
414c78.9f0: Image Version: 6.3
415c78.9f0: SizeOfImage: 0x13000 (77824)
416c78.9f0: Resource Dir: 0x11000 LB 0x3f8
417c78.9f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
418c78.9f0: [Raw version resource data: 0x11060 LB 0x398, codepage 0x0 (reserved 0x0)]
419c78.9f0: ProductName: Microsoft® Windows® Operating System
420c78.9f0: ProductVersion: 6.3.9600.16384
421c78.9f0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
422c78.9f0: FileDescription: ApiSet Schema DLL
423c78.9f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
424c78.9f0: supR3HardenedWinFindAdversaries: 0x0
425c78.9f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
426c78.9f0: Calling main()
427c78.9f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
428c78.9f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
429c78.9f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
430c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
431c78.9f0: SUPR3HardenedMain: Final process, opening VBoxDrv...
432c78.9f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000ff0000 LB 0x400000)
433c78.9f0: supR3HardNtEnableThreadCreation:
434c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
435c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
436c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
437c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
438c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf4290000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
439c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
440c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
441c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
442c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4290000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
443c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
444c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
445c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4290000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
446c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4290000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
447c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
448c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
449c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
450c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
451c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
452c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
453c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
454c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
455c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
456c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
457c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
458c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
459c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
460c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
461c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
462c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
463c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
464c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
465c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
466c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
467c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
468c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
469c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
470c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
471c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
472c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
473c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
474c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
475c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
476c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
477c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
478c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
479c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf98c0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
480c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
481c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7d70000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
482c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
483c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7e40000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
484c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
485c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa460000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
486c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
487c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8190000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
488c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
489c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\system32\Wintrust.dll'
490c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
491c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
492c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
493c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
494c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7780000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
495c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
496c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7780000 'C:\Windows\system32\bcrypt.dll'
497c78.9f0: bcrypt.dll loaded at 00007ffbf7780000, BCryptOpenAlgorithmProvider at 00007ffbf77834a0, preloading providers:
498c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
499c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
500c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
501c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
502c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7b20000 LB 0x00063000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
503c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
504c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7b20000 'C:\Windows\system32\bcryptprimitives.dll'
505c78.9f0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000014a88e0)
506c78.9f0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000014a8cd0)
507c78.9f0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000014a8df0)
508c78.9f0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000014a9040)
509c78.9f0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000014a9160)
510c78.9f0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000014a92d0)
511c78.9f0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000014aa050)
512c78.9f0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000014a9f30)
513c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
514c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
515c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
516c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
517c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
518c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
519c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
520c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
521c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
522c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
523c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
524c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
525c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
526c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
527c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
528c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
529c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
530c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
531c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
532c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
533c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
534c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
535c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7620000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
536c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
537c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
538c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
539c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
540c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
541c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
542c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
543c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
544c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
545c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7140000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
546c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
547c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
548c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
549c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
550c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
551c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7b90000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
552c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
553c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
554c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
555c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
556c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
557c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
558c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
559c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
560c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
561c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
562c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
563c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\CRYPT32.dll'
564c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf82a0000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
565c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
566c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
567c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
568c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
569c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
570c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
571c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
572c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
573c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
574c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
575c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
576c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
577c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
578c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
579c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
580c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7710000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
581c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
582c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7750000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
583c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
584c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
585c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
586c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
587c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf82c0000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
588c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
589c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
590c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
591c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
592c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
593c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf6e50000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
594c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
595c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
596c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
597c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7cc0000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
598c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
599c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
600c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
601c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
602c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
603c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
604c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
605c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
606c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
607c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
608c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
609c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
610c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
611c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
612c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
613c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
614c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
615c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
616c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
617c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
618c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
619c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
620c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
621c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
622c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
623c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
624c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
625c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
626c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
627c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
628c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
629c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
630c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
631c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
632c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
633c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
634c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
635c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa5c0000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
636c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
637c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbebb80000 LB 0x00039000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
638c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
639c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
640c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
641c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
642c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
643c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
644c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
645c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
646c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
647c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
648c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
649c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
650c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
651c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
652c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
653c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
654c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
655c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
656c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
657c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
658c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
659c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
660c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
661c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
662c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
663c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
664c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
665c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
666c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
667c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\system32\cryptnet.dll'
668c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
669c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbebb80000 'C:\Windows\System32\cryptnet.dll'
670c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
671c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
672c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
673c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
674c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
675c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9b00000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
676c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
677c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
678c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
679c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
680c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
681c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
682c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
683c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
684c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
685c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
686c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
687c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
688c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
689c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
690c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
691c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
692c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
693c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000014b39b0
694c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
695c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D01B4E6379F389884DFFD6B0FBDDA305E24F48C5
696c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
697c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
698c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa460000 'C:\Windows\system32\rpcrt4.dll'
699c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
700c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
701c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
702c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
703c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
704c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
705c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
706c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
707c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
708c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
709c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
710c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
711c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
712c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
713c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
714c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
715c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
716c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
717c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
718c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
719c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
720c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_32_for_KB3126593~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
721c78.9f0: g_pfnWinVerifyTrust=00007ffbf8191050
722c78.9f0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
723c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
724c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
725c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
726c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
727c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
728c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
729c78.9f0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
730c78.9f0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
731c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
732c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
733c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
734c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
735c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
736c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
737c78.9f0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
738c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
739c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
740c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
741c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
742c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
743c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
744c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
745c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
746c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
747c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
748c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
749c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
750c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
751c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
752c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
753c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
754c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
755c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
756c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
757c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
758c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
759c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
760c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
761c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
762c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
763c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
764c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
765c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
766c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
767c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
768c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
769c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
770c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
771c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
772c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
773c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
774c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
775c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
776c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
777c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
778c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
779c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
780c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
781c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
782c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
783c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
784c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
785c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
786c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
787c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
788c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
789c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
790c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
791c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
792c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
793c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
794c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
795c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
796c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
797c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
798c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
799c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
800c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
801c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
802c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
803c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
804c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
805c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
806c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
807c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
808c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
809c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
810c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
811c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
812c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
813c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
814c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
815c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
816c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
817c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
818c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
819c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
820c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
821c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
822c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
823c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
824c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
825c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
826c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
827c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
828c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
829c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
830c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
831c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
832c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
833c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
834c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
835c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
836c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
837c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
838c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
839c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
840c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
841c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
842c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
843c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
844c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
845c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
846c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
847c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
848c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
849c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
850c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
851c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
852c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
853c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
854c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
855c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
856c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
857c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
858c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
859c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
860c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
861c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
862c78.9f0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
863c78.9f0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36
864c78.9f0: SUPR3HardenedMain: Load Runtime...
865c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
866c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
867c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
868c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
869c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
870c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
871c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
872c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
873c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
874c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
875c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
876c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
877c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
878c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
879c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
880c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
881c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
882c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
883c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
884c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
885c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
886c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
887c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
888c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
889c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
890c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
891c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
892c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
893c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
894c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
895c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
896c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
897c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
898c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
899c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
900c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
901c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
902c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
903c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
904c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
905c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
906c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
907c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
908c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
909c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
910c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
911c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
912c78.9f0: supR3HardenedDllNotificationCallback: load 0000000059d80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
913c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
914c78.9f0: supR3HardenedDllNotificationCallback: load 0000000059ce0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
915c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
916c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa440000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
917c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
918c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8200000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
919c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
920c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbdd620000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
921c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
922c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
923c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
924c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
925c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
926c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
927c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
928c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
929c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
930c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
931c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
932c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
933c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
934c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
935c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
936c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
937c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
938c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
939c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
940c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
941c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
942c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
943c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
944c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
945c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
946c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
947c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
948c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
949c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
950c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
951c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
952c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
953c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
954c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
955c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
956c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
957c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
958c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
959c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
960c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
961c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
962c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
963c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
964c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
965c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
966c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
967c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
968c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
969c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
970c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
971c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
972c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
973c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
974c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdd620000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
975c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\system32\Wintrust.dll'
976c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
977c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
978c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
979c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
980c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
981c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
982c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
983c78.9f0: SUPR3HardenedMain: Load TrustedMain...
984c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
985c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
986c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
987c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
988c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
989c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
990c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
991c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
992c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
993c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
994c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
995c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
996c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
997c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
998c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
999c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1000c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1001c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1002c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1003c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1004c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1005c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1006c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1007c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1008c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
1009c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
1010c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
1011c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1012c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1013c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1014c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1015c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1016c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
1017c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
1018c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
1019c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1020c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1021c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1022c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1023c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1024c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1025c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1026c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
1027c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
1028c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
1029c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1030c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1031c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
1032c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1033c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
1034c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
1035c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
1036c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1037c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1038c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1039c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1040c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1041c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
1042c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
1043c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1044c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1045c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1046c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1047c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1048c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1049c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1050c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
1051c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1052c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1053c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1054c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1055c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1056c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1057c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1058c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1059c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
1060c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1061c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1062c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1063c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1064c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1065c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1066c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1067c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1068c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1069c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1070c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1071c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
1072c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
1073c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1074c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1075c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1076c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1077c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1078c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1079c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1080c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1081c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1082c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1083c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1084c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1085c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
1086c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
1087c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1088c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1089c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1090c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1091c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1092c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
1093c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1094c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1095c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1096c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1097c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1098c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1099c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1100c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1101c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1102c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1103c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1104c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1105c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1106c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
1107c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
1108c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
1109c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
1110c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
1111c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1112c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1113c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1114c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1115c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1116c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
1117c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1118c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1119c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1120c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1121c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1122c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1123c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1124c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1125c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1126c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
1127c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1128c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1129c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1130c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1131c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1132c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1133c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1134c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1135c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1136c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1137c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1138c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1139c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1140c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1141c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1142c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1143c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
1144c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1145c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1146c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1147c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1148c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1149c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1150c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1151c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1152c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1153c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1154c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1155c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1156c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1157c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1158c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1159c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1160c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1161c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1162c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1163c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1164c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1165c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1166c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1167c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1168c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1169c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1170c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1171c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1172c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1173c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1174c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1175c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1176c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1177c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1178c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1179c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1180c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1181c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1182c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1183c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1184c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1185c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1186c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1187c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1188c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1189c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1190c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1191c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1192c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1193c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1194c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1195c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1196c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1197c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1198c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1199c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1200c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1201c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1202c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1203c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1204c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1205c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1206c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1207c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1208c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1209c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1210c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1211c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1212c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1213c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1214c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1215c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1216c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1217c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1218c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1219c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1220c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1221c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1222c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1223c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1224c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1225c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1226c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1227c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1228c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1229c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1230c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1231c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1232c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1233c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
1234c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1235c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1236c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1237c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1238c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1239c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1240c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
1241c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1242c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1243c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1244c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1245c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1246c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1247c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1248c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1249c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1250c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1251c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1252c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1253c78.9f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1254c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
1255c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
1256c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1257c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1259c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1260c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1261c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1262c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1263c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1264c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1265c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1266c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1267c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1268c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1269c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1270c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1271c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1272c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1273c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1274c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1275c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
1276c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1277c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
1278c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
1279c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
1280c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
1281c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
1282c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1283c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1284c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1285c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1286c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1287c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1288c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
1289c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
1290c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1291c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1292c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1293c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1294c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1295c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1296c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1297c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1298c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1299c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1300c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1301c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1302c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1303c78.9f0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1304c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1305c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1306c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1307c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1308c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
1309c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1310c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1311c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1312c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
1313c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
1314c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1315c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1316c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1317c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1318c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1319c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1320c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1321c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1322c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1323c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1324c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1325c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1326c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1327c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1328c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1329c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1330c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1331c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1332c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1333c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1334c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1335c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1336c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1337c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1338c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1339c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1340c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1341c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1342c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1343c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1344c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1345c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1346c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1347c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
1348c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1349c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1350c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1351c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1352c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1353c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1354c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
1355c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
1356c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1357c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1358c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
1359c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1360c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
1361c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
1362c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1363c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1364c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1365c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1366c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1367c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1368c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1369c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1370c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1371c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1372c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1373c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1374c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1375c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1376c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1377c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1378c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1379c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1380c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1381c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1382c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1383c78.9f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
1384c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1385c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1386c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1387c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
1388c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
1389c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1390c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1391c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1392c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1393c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1394c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1395c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1396c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1397c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1398c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1399c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1400c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1401c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1402c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1403c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1404c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1405c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1406c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1407c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1408c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1409c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1410c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1411c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1412c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1413c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1414c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1415c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1416c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1417c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1418c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1419c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1420c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1421c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1422c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1423c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
1424c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1425c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1426c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1427c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1428c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1429c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1430c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1431c78.9f0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1432c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e0 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
1433c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1434c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1435c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
1436c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1437c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1438c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1439c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1440c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1441c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1442c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1443c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1444c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1445c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1446c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1447c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1448c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1449c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1450c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1451c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1452c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1453c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1454c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1455c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1456c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1457c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1458c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1459c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1460c78.9f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll)
1461c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll
1462c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1463c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1464c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1465c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
1466c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
1467c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
1468c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa6e0000 LB 0x00177000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1469c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
1470c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa2f0000 LB 0x00150000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1471c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1472c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf49e0000 LB 0x00009000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1473c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1474c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf0ab0000 LB 0x000f8000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
1475c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1476c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf3410000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1477c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1478c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf2a80000 LB 0x0012b000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1479c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1480c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa0d0000 LB 0x00211000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
1481c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1482c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9d90000 LB 0x00054000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1483c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1484c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8320000 LB 0x0152a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1485c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1486c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9df0000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1487c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1488c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbec7d0000 LB 0x0001e000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
1489c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1490c78.9f0: supR3HardenedDllNotificationCallback: load 0000000059770000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1491c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1492c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbdc500000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1493c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1494c78.9f0: supR3HardenedDllNotificationCallback: load 0000000059200000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1495c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1496c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbecb40000 LB 0x00082000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1497c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1498c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbe5ee0000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll [fFlags=0x0]
1499c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll [avoiding WinVerifyTrust]
1500c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf43e0000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
1501c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
1502c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9a40000 LB 0x000b6000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1503c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1504c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbe8310000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1505c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1506c78.9f0: supR3HardenedDllNotificationCallback: load 00000000591a0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1507c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1508c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf9970000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1509c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1510c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8140000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
1511c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1512c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf6ac0000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1513c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1514c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf35a0000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1515c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1516c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf3900000 LB 0x00022000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1517c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1518c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbdcb00000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1519c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
1520c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1521c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1522c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll'.
1523c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\comctl32.dll' [rescheduled]
1524c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
1525c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
1526c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
1527c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
1528c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
1529c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
1530c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
1531c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
1532c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1533c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
1534c78.9f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
1535c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
1536c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1537c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
1538c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1539c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1540c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1541c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
1542c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1543c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1544c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1545c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
1546c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
1547c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
1548c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1549c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
1550c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1551c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1552c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
1553c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
1554c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
1555c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1556c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1557c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
1558c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1559c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1560c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1561c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
1562c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
1563c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
1564c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1565c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1566c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1567c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1568c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1569c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1570c78.9f0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
1571c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1572c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1573c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1574c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1575c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1576c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1577c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1578c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1579c78.9f0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1580c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1581c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1582c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1583c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1584c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1585c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1586c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1587c78.9f0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
1588c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1589c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1590c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1591c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1592c78.9f0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1593c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1594c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1595c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1596c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1597c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1598c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1599c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa860000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1600c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1601c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf8260000 LB 0x00036000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1602c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1603c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8260000 'C:\Windows\system32\IMM32.DLL'
1604c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
1605c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
1606c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1607c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
1608c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1609c78.9f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
1610c78.9f0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
1611c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1612c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8260000 'C:\Windows\system32\imm32.dll'
1613c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1614c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1615c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9b00000 'C:\Windows\system32\ADVAPI32.DLL'
1616c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcb00000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1617c78.9f0: SUPR3HardenedMain: Calling TrustedMain (00007ffbdcb01610)...
1618c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1619c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1620c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1621c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1622c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1623c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1624c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1625c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1626c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1627c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1628c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1629c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1630c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1631c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1632c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1633c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1634c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1635c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1636c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1637c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1638c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1639c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1640c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1641c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1642c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1643c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1644c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1645c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1646c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1647c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1648c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1649c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1650c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1651c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1652c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1653c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1654c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1655c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1656c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1657c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
1658c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1659c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1660c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1661c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1662c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1663c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1664c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1665c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1666c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1667c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1668c78.9f0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
1669c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1670c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1671c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbe5cd0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1672c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1673c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5cd0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1674c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1675c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1676c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
1677c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
1678c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf65a0000 LB 0x0000b000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
1679c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
1680c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1681c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1682c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1683c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1684c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1685c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1686c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
1687c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1688c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1689c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1690c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
1691c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1692c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1693c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
1694c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1695c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1696c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1697c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
1698c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
1699c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1700c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1701c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1702c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1703c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1704c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1705c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1706c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1707c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1708c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1709c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf6940000 LB 0x00129000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1710c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1711c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6940000 'C:\Windows\system32\uxtheme.dll'
1712c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1713c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1714c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6940000 'C:\Windows\system32\uxtheme.dll'
1715c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1716c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1717c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6940000 'C:\Windows\system32\uxtheme.dll'
1718c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1719c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1720c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6940000 'C:\Windows\system32\uxtheme.dll'
1721c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa6e0000 'C:\Windows\system32\user32.dll'
1722c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1723c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1724c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
1725c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1726c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1727c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1728c78.9f0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
1729c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1730c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf43e0000 'C:\Windows\system32\SHCore.dll'
1731c78.9f0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1732c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1733c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1734c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1735c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
1736c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
1737c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
1738c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
1739c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf6600000 LB 0x00021000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1740c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1741c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1742c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1743c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1744c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1745c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1746c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1747c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1748c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1749c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
1750c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1751c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1752c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
1753c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1754c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1755c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
1756c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1757c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1758c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
1759c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
1760c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1761c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6940000 'C:\Windows\system32\uxtheme.dll'
1762c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9b00000 'C:\Windows\system32\advapi32.dll'
1763c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1764c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1765c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1766c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1767c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
1768c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
1769c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
1770c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1771c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1772c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
1773c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1774c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1775c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1776c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1777c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1778c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1779c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf7250000 LB 0x00021000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1780c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
1781c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7250000 'C:\Windows\system32\userenv.dll'
1782c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1783c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1784c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
1785c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1786c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1787c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
1788c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
1789c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbfa620000 LB 0x000b6000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
1790c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
1791c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1792c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1793c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1794c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1795c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1796c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1797c78.9f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
1798c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1799c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1800c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1801c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1802c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1803c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1804c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1805c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1806c78.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1807c78.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1808c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1809c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1810c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1811c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1812c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1813c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1814c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1815c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1816c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1817c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1818c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1819c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1820c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1821c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1822c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1823c78.abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1824c78.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1825c78.abc: supR3HardenedDllNotificationCallback: load 00007ffbd7360000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1826c78.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
1827c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7360000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1828c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1829c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1830c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1831c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1832c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1833c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1834c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1835c78.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1836c78.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1837c78.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1838c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1839c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1840c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1841c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1842c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1843c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1844c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1845c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1846c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1847c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1848c78.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1849c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1850c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1851c78.abc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
1852c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1853c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1854c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1855c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1856c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1857c78.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1858c78.abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1859c78.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1860c78.abc: supR3HardenedDllNotificationCallback: load 00007ffbe5740000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1861c78.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1862c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5740000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1863c78.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1864c78.abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1865c78.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9970000 'C:\Windows\System32\oleaut32.dll'
1866c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa2f0000 'C:\Windows\system32\gdi32.dll'
1867c78.13a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1868c78.13a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1869c78.13a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1870c78.13a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1871c78.13a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1872c78.13a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
1873c78.13a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1874c78.13a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1875c78.13a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1876c78.13a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1877c78.13a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1878c78.13a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1879c78.13a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1880c78.13a4: supR3HardenedDllNotificationCallback: load 00007ffbf5b80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
1881c78.13a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
1882c78.13a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5b80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
1883c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
1884c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1885c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
1886c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1887c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1888c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9df0000 'C:\Windows\system32\ole32.dll'
1889c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [redoing WinVerifyTrust]
1890c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
1891c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1892c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1893c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1894c78.9f0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
1895c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1896c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa860000 'C:\Windows\system32\MSCTF.dll'
1897c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
1898c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
1899c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1900c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1901c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9df0000 'C:\Windows\system32\ole32.dll'
1902c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1903c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1904c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9970000 'C:\Windows\system32\OLEAUT32.dll'
1905c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1906c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1907c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1908c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
1909c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1910c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1911c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
1912c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1913c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1914c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1915c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1916c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1917c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1918c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1919c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1920c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
1921c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1922c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1923c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
1924c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1925c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1926c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
1927c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1928c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1929c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
1930c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
1931c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
1932c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1933c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1934c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1935c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1936c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1937c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1938c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1939c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1940c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1941c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1942c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1943c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1944c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
1945c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf2470000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
1946c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
1947c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbf2720000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1948c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
1949c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1950c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8020000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1951c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2720000 'C:\Windows\system32\wbem\wbemprox.dll'
1952c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
1953c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1954c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1955c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
1956c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1957c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1958c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
1959c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1960c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1961c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1962c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
1963c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
1964c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1965c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1966c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1967c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1968c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1969c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
1970c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbef5f0000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
1971c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
1972c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbef5f0000 'C:\Windows\system32\wbem\wbemsvc.dll'
1973c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1974c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8020000 'api-ms-win-core-localization-l1-2-0.dll'
1975c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1976c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8020000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
1977c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
1978c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
1979c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
1980c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
1981c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
1982c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
1983c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
1984c78.9f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1985c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1986c78.9f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1987c78.9f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
1988c78.9f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
1989c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1990c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1991c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
1992c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1993c78.9f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1994c78.9f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1995c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1996c78.9f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
1997c78.9f0: supR3HardenedDllNotificationCallback: load 00007ffbef660000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
1998c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
1999c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbef660000 'C:\Windows\system32\wbem\fastprox.dll'
2000c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2001c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2002c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\SYSTEM32\WINMM.dll'
2003c78.1008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2004c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2005c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2006c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2007c78.1008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2008c78.1008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2009c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2010c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2011c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2012c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2013c78.1008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2014c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2015c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2016c78.1008: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2017c78.1008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2018c78.1008: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2019c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2020c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2021c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2022c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2023c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2024c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2025c78.1008: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2026c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2027c78.1008: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2028c78.1008: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2029c78.1008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2030c78.1008: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2031c78.1008: supR3HardenedDllNotificationCallback: load 0000000059090000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2032c78.1008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
2033c78.1008: supR3HardenedDllNotificationCallback: load 00007ffbe5350000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2034c78.1008: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2035c78.1008: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5350000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2036c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2037c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2038c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2039c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2040c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2041c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'nsi.dll'.
2042c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\netcfgx.dll) WinVerifyTrust
2043c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\netcfgx.dll
2044c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2045c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2046c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [redoing WinVerifyTrust]
2047c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2048c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2049c78.950: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
2050c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2051c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2052c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2053c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2054c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2055c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2056c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netcfgx.dll
2057c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf0ff0000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [fFlags=0x0]
2058c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netcfgx.dll
2059c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf0ff0000 'C:\Windows\System32\netcfgx.dll'
2060c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf9bb0000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2061c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
2062c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2063c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2064c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)
2065c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2066c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2067c78.950: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
2068c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
2069c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf0fd0000 LB 0x00016000 C:\Windows\System32\devrtl.DLL [fFlags=0x0]
2070c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2071c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
2072c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2073c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2074c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
2075c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2076c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2077c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2078c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2079c78.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
2080c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2081c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2082c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2083c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2084c78.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2085c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2086c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2087c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2088c78.9cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2089c78.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
2090c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2091c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2092c78.9cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\setupapi.dll'
2093c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2094c78.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2095c78.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2096c78.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2097c78.9cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2098c78.9cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2099c78.9cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2100c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2101c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2102c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2103c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2104c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2105c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2106c78.9cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2107c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2108c78.9cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2109c78.9cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2110c78.9cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2111c78.9cc: supR3HardenedDllNotificationCallback: load 00007ffbf5ac0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2112c78.9cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2113c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2114c78.9cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa6e0000 'C:\Windows\system32\User32.dll'
2115c78.780: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2116c78.780: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2117c78.780: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2118c78.780: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2119c78.780: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2120c78.780: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2121c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2122c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2123c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2124c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2125c78.780: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2126c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2127c78.780: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2128c78.780: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2129c78.780: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2130c78.780: supR3HardenedDllNotificationCallback: load 00007ffbf5410000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2131c78.780: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2132c78.780: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5410000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2133c78.634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2134c78.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2135c78.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2136c78.634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2137c78.634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2138c78.634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2139c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2140c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2141c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2142c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2143c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2144c78.634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2145c78.634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
2146c78.634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2147c78.634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2148c78.634: supR3HardenedDllNotificationCallback: load 00007ffbf5400000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2149c78.634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2150c78.634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5400000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2151c78.10dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2152c78.10dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2153c78.10dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2154c78.10dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2155c78.10dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2156c78.10dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2157c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2158c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2159c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2160c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2161c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2162c78.10dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2163c78.10dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2164c78.10dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2165c78.10dc: supR3HardenedDllNotificationCallback: load 00007ffbf53f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2166c78.10dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2167c78.10dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf53f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2168c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\Shell32.dll'
2169c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2170c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2171c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5350000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2172c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2173c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2174c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2175c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2176c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2177c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2178c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2179c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2180c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2181c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2182c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2183c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2184c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2185c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2186c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2187c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2188c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2189c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2190c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2191c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2192c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2193c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf4620000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2194c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2195c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4620000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2196c78.950: supR3HardenedDllNotificationCallback: Unload 00007ffbf4620000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2197c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2198c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2199c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2200c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2201c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2202c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2203c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2204c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2205c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2206c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2207c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2208c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2209c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2210c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2211c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2212c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2213c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2214c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2215c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2216c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
2217c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2218c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2219c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2220c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2221c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2222c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2223c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2224c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2225c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2226c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2227c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2228c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2229c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2230c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2231c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2232c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2233c78.950: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
2234c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2235c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2236c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
2237c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
2238c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2239c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2240c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
2241c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2242c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2243c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll
2244c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2245c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2246c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2247c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2248c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2249c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2250c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2251c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2252c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2253c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2254c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2255c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2256c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2257c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2258c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2259c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2260c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2261c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2262c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2263c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2264c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2265c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2266c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2267c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2268c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2269c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2270c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2271c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2272c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2273c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2274c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2275c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2276c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
2277c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2278c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2279c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2280c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2281c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2282c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2283c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2284c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2285c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2286c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2287c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2288c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2289c78.950: supR3HardenedDllNotificationCallback: load 00007ffbe6b20000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2290c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2291c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf4610000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2292c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2293c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf2430000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2294c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2295c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf2440000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2296c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
2297c78.950: supR3HardenedDllNotificationCallback: load 00007ffbd3a20000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2298c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
2299c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd3a20000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2300c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2301c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2302c78.950: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
2303c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2304c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2305c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2306c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2307c78.950: supR3HardenedDllNotificationCallback: load 00007ffbec140000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2308c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2309c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbec140000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2310c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2311c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2312c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2313c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7360000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2314c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2315c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2316c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2317c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4610000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2318c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2319c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2320c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2321c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2322c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2323c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2324c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2325c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2326c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2327c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2328c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2329c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2330c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf5330000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2331c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2332c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf5330000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2333c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2334c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2335c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2336c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2337c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2338c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2339c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2340c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2341c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2342c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2343c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2344c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2345c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf45f0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2346c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2347c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2348c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2349c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2350c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2351c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2352c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2353c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2354c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2355c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2356c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2357c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2358c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2359c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2360c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf4570000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2361c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2362c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4570000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2363c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2364c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2365c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2366c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2367c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2368c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2369c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2370c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2371c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2372c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2373c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2374c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2375c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf4250000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2376c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2377c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4250000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2378c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2379c78.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2380c78.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2381c78.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2382c78.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2383c78.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2384c78.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2385c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2386c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2387c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2388c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2389c78.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2390c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2391c78.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2392c78.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2393c78.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2394c78.ba4: supR3HardenedDllNotificationCallback: load 00007ffbf4a50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2395c78.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2396c78.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4a50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2397c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2398c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2399c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2400c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2401c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2402c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2403c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2404c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2405c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2406c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2407c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2408c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2409c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2410c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2411c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2412c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2413c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2414c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2415c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2416c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2417c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2418c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2419c78.950: supR3HardenedDllNotificationCallback: load 00007ffbe4930000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2420c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2421c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4930000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2422c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000da4 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
2423c78.950: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2424c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2425c78.950: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
2426c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2427c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2428c78.950: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
2429c78.950: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2430c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2431c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2432c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2433c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2434c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2435c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2436c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
2437c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
2438c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2439c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2440c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2441c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2442c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2443c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
2444c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll) WinVerifyTrust
2445c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
2446c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2447c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2448c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2449c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2450c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2451c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2452c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2453c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2454c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2455c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2456c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2457c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2458c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2459c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2460c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2461c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2462c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2463c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
2464c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf7c60000 LB 0x00046000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2465c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
2466c78.950: supR3HardenedDllNotificationCallback: load 00007ffbe52b0000 LB 0x0009d000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2467c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2468c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2469c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2470c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe52b0000 'C:\Windows\System32\dsound.dll'
2471c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe52b0000 'C:\Windows\System32\dsound.dll'
2472c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2473c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2474c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe52b0000 'C:\Windows\system32\dsound.dll'
2475c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2476c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2477c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2478c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
2479c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
2480c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2481c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2482c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2483c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2484c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
2485c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2486c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2487c78.950: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
2488c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2489c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2490c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2491c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2492c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2493c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2494c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf3520000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2495c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2496c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3520000 'C:\Windows\System32\MMDevApi.dll'
2497c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2498c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2499c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3520000 'C:\Windows\system32\MMDEVAPI.DLL'
2500c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2501c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2502c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2503c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de8 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2504c78.950: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2505c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2506c78.950: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
2507c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2508c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2509c78.950: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
2510c78.950: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2511c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2512c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
2513c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
2514c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
2515c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
2516c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
2517c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
2518c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2519c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2520c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2521c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2522c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2523c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2524c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2525c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
2526c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
2527c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2528c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2529c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2530c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2531c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2532c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
2533c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
2534c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2535c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2536c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2537c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2538c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2539c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2540c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2541c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2542c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2543c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2544c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2545c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2546c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2547c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
2548c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
2549c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf2110000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
2550c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
2551c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf6190000 LB 0x0000c000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
2552c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
2553c78.950: supR3HardenedDllNotificationCallback: load 00007ffbed310000 LB 0x0003e000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2554c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2555c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2556c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2557c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2558c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2559c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2560c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2561c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2562c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2563c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2564c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2565c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2566c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2567c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2568c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2569c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2570c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2571c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2572c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2573c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
2574c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
2575c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
2576c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
2577c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2578c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2579c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
2580c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2581c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2582c78.950: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
2583c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2584c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2585c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2586c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2587c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2588c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2589c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2590c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2591c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2592c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2593c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
2594c78.950: supR3HardenedDllNotificationCallback: load 00007ffbe6980000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
2595c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
2596c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe6980000 'C:\Windows\system32\AUDIOSES.DLL'
2597c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2598c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2599c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2600c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
2601c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2602c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2603c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed310000 'C:\Windows\system32\wdmaud.drv'
2604c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
2605c78.950: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2606c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2607c78.950: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
2608c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2609c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2610c78.950: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
2611c78.950: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2612c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2613c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2614c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2615c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
2616c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
2617c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
2618c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2619c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2620c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2621c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
2622c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2623c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2624c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2625c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2626c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2627c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
2628c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
2629c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2630c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2631c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2632c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2633c78.950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
2634c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2635c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2636c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2637c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2638c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2639c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2640c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
2641c78.950: supR3HardenedDllNotificationCallback: load 00007ffbeeea0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
2642c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
2643c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf45e0000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
2644c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2645c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2646c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2647c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2648c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2649c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2650c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2651c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2652c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2653c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2654c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2655c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2656c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2657c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2658c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2659c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2660c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2661c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
2662c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2663c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2664c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2665c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2666c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf45e0000 'C:\Windows\system32\msacm32.drv'
2667c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c9c pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
2668c78.950: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2669c78.950: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2670c78.950: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
2671c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2672c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2673c78.950: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
2674c78.950: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2675c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2676c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2677c78.950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2678c78.950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
2679c78.950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
2680c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2681c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2682c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2683c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2684c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2685c78.950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2686c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2687c78.950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
2688c78.950: supR3HardenedDllNotificationCallback: load 00007ffbf4530000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
2689c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
2690c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4530000 'C:\Windows\system32\midimap.dll'
2691c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
2692c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2693c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4530000 'C:\Windows\system32\midimap.dll'
2694c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
2695c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2696c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4530000 'C:\Windows\system32\midimap.dll'
2697c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
2698c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2699c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf4530000 'C:\Windows\system32\midimap.dll'
2700c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2701c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2702c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2703c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2704c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2705c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2706c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2707c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2708c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2709c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2710c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe52b0000 'C:\Windows\system32\dsound.dll'
2711c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2712c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2713c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2714c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2715c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
2716c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2717c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe52b0000 'C:\Windows\system32\dsound.dll'
2718c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3900000 'C:\Windows\system32\winmm.dll'
2719c78.950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2720c78.950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2721c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe5350000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2722c78.950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2723c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2724c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2725c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2726c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2727c78.9f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2728c78.9f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2729c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2730c78.9f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
2731c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2732c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2733c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2734c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'.
2735c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll)
2736c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
2737c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf1e20000 LB 0x0017f000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0]
2738c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
2739c78.724: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
2740c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
2741c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf6870000 LB 0x0008e000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
2742c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
2743c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a34 pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
2744c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2745c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2746c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2747c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2748c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
2749c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2750c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2751c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2752c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2753c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2754c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2755c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8190000 'C:\Windows\System32\WINTRUST.DLL'
2756c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\CRYPT32.dll'
2757c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=42E26D076286ECAAC1729250540377F2004F5DC1
2758c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2759c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2760c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3107998~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
2761c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2762c78.724: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
2763c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2764c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2765c78.724: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\propsys.dll'
2766c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume4\Windows\System32\ieframe.dll
2767c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2768c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2769c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B31CDBCDE6524E48CC0CE011376A9EDA8FCDA099
2770c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2771c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2772c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_136_for_KB3141092~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\ieframe.dll'
2773c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2774c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
2775c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2776c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
2777c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
2778c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
2779c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
2780c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'shell32.dll'.
2781c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'iertutil.dll'.
2782c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
2783c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ieframe.dll) WinVerifyTrust
2784c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ieframe.dll
2785c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2786c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2787c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
2788c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume4\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
2789c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fe0 pwszName=\Device\HarddiskVolume4\Windows\System32\iertutil.dll
2790c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2791c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2792c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67EC71FA8234CDBA33408808EF123C4251560580
2793c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2794c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2795c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_98_for_KB3141092~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\iertutil.dll'
2796c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2797c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2798c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\iertutil.dll) WinVerifyTrust
2799c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2800c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2801c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2802c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2803c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2804c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2805c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2806c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2807c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2808c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2809c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2810c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2811c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2812c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2813c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2814c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
2815c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2816c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2817c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2818c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ieframe.dll
2819c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2820c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf0200000 LB 0x002c8000 C:\Windows\System32\iertutil.dll [fFlags=0x0]
2821c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2822c78.724: supR3HardenedDllNotificationCallback: load 00007ffbe2830000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
2823c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ieframe.dll
2824c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2825c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2826c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2827c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2828c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2829c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2830c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2831c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2832c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2833c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2834c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2835c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2836c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2837c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2838c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2839c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2840c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2841c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2842c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2843c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2844c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2845c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9f90000 'C:\Windows\system32\kernel32.dll'
2846c78.724: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll'.
2847c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2848c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
2849c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2850c78.724: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll)
2851c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll
2852c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2853c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2854c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2855c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2856c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2857c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2858c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2859c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll [avoiding WinVerifyTrust]
2860c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf3db0000 LB 0x0027b000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll [fFlags=0x0]
2861c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll [avoiding WinVerifyTrust]
2862c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3db0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll'
2863c78.724: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll'.
2864c78.724: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\comctl32.dll' [rescheduled]
2865c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa6e0000 'C:\Windows\system32\user32.dll'
2866c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2830000 'C:\Windows\System32\ieframe.dll'
2867c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa6e0000 'C:\Windows\system32\user32.dll'
2868c78.724: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2869c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa0d0000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
2870c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff4 pwszName=\Device\HarddiskVolume4\Windows\System32\urlmon.dll
2871c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2872c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2873c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9504DA7A8507ED69CEAFFA7259807C54186EF338
2874c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2875c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2876c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_98_for_KB3141092~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\urlmon.dll'
2877c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2878c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2879c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2880c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
2881c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
2882c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'.
2883c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'.
2884c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\urlmon.dll) WinVerifyTrust
2885c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\urlmon.dll
2886c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'...
2887c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume4\Windows\System32\wininet.dll' [rcNtRedir=0xc0150008]
2888c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume4\Windows\System32\wininet.dll
2889c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2890c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2891c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=178C7F9885B46F8E05D76C6B289A3E13538E7F7B
2892c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2893c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2894c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_43_for_KB3134814~31bf3856ad364e35~amd64~~6.3.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wininet.dll'
2895c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2896c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2897c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2898c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'iertutil.dll'.
2899c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'.
2900c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wininet.dll) WinVerifyTrust
2901c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wininet.dll
2902c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
2903c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume4\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
2904c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2905c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2906c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2907c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2908c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2909c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
2910c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2911c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2912c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2913c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2914c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2915c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2916c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
2917c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
2918c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume4\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
2919c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2920c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2921c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2922c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2923c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2924c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\urlmon.dll (Input=urlmon.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2925c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\urlmon.dll
2926c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wininet.dll
2927c78.724: supR3HardenedDllNotificationCallback: load 00007ffbeff70000 LB 0x00283000 C:\Windows\SYSTEM32\WININET.dll [fFlags=0x0]
2928c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wininet.dll
2929c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf0530000 LB 0x00185000 C:\Windows\system32\urlmon.dll [fFlags=0x0]
2930c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\urlmon.dll
2931c78.724: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2932c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8020000 'api-ms-win-downlevel-advapi32-l1-1-0.dll'
2933c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9b00000 'C:\Windows\system32\ADVAPI32.dll'
2934c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf0530000 'C:\Windows\system32\urlmon.dll'
2935c78.724: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2936c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf43e0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
2937c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
2938c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2939c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1e20000 'C:\Windows\system32\PROPSYS.dll'
2940c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
2941c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2942c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1e20000 'C:\Windows\system32\propsys.dll'
2943c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001070 pwszName=\Device\HarddiskVolume4\Windows\System32\secur32.dll
2944c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2945c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2946c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F24F3F20C216B9DDAC0185F975C060619395001
2947c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2948c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2949c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_986_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\secur32.dll'
2950c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2951c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\secur32.dll) WinVerifyTrust
2952c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\secur32.dll
2953c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2954c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\secur32.dll
2955c78.724: supR3HardenedDllNotificationCallback: load 00007ffbee7b0000 LB 0x0000c000 C:\Windows\system32\Secur32.dll [fFlags=0x0]
2956c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\secur32.dll
2957c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbee7b0000 'C:\Windows\system32\Secur32.dll'
2958c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2959c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sspicli.dll)
2960c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sspicli.dll
2961c78.724: supR3HardenedDllNotificationCallback: load 00007ffbf7af0000 LB 0x0002e000 C:\Windows\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
2962c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
2963c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2964c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2965c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2966c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2967c78.724: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sspicli.dll'
2968c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sspicli.dll
2969c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2970c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7af0000 'C:\Windows\system32\sspicli.dll'
2971c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a4 pwszName=\Device\HarddiskVolume4\Windows\System32\mlang.dll
2972c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
2973c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
2974c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD42D910F580EE63CE7294EA9EF818604B363662
2975c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
2976c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
2977c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\mlang.dll'
2978c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2979c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2980c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mlang.dll) WinVerifyTrust
2981c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mlang.dll
2982c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2983c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2984c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2985c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mlang.dll
2986c78.724: supR3HardenedDllNotificationCallback: load 00007ffbeca70000 LB 0x0003e000 C:\Windows\system32\MLANG.dll [fFlags=0x0]
2987c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mlang.dll
2988c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeca70000 'C:\Windows\system32\MLANG.dll'
2989c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf9970000 'C:\Windows\system32\OLEAUT32.dll'
2990c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wininet.dll
2991c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2992c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeff70000 'C:\Windows\system32\WININET.dll'
2993c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\secur32.dll
2994c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2995c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbee7b0000 'C:\Windows\system32\Secur32.dll'
2996c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\SHELL32.dll'
2997c78.724: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2998c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbfa0d0000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
2999c78.724: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3000c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf82c0000 'api-ms-win-downlevel-advapi32-l2-1-0.dll'
3001c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll
3002c78.724: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000014b39b0
3003c78.724: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000014b39b0
3004c78.724: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2722A91610FFBB17B335C2CFE4357102F44AD28F
3005c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
3006c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7e40000 'C:\Windows\system32\crypt32.dll'
3007c78.724: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_136_for_KB3141092~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll'
3008c78.724: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3009c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3010c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3011c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll) WinVerifyTrust
3012c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll
3013c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3014c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3015c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3016c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3017c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Internet Explorer\ieproxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3018c78.724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll
3019c78.724: supR3HardenedDllNotificationCallback: load 00007ffbe8370000 LB 0x000ba000 C:\Program Files\Internet Explorer\ieproxy.dll [fFlags=0x0]
3020c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Internet Explorer\ieproxy.dll
3021c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe8370000 'C:\Program Files\Internet Explorer\ieproxy.dll'
3022c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\system32\shell32.dll'
3023c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf8320000 'C:\Windows\System32\shell32.dll'
3024c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
3025c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3026c78.724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'iertutil.dll'.
3027c78.724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Internet Explorer\iexplore.exe)
3028c78.724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Internet Explorer\iexplore.exe
3029c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
3030c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume4\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
3031c78.724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll
3032c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3033c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3034c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3035c78.724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3036c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf7140000 'C:\Windows\system32\rsaenh.dll'
3037c78.724: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Internet Explorer\iexplore.exe'
3038c78.724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll
3039c78.724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3040c78.724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf6870000 'C:\Windows\system32\apphelp.dll'
3041c78.724: supR3HardenedDllNotificationCallback: Unload 00007ffbe8370000 LB 0x000ba000 C:\Program Files\Internet Explorer\ieproxy.dll [flags=0x0]
3042c78.724: supR3HardenedDllNotificationCallback: Unload 00007ffbe2830000 LB 0x00dd0000 C:\Windows\System32\ieframe.dll [flags=0x0]
3043c78.1130: supR3HardenedDllNotificationCallback: Unload 00007ffbf0ff0000 LB 0x00079000 C:\Windows\System32\netcfgx.dll [flags=0x0]
3044c78.1130: supR3HardenedDllNotificationCallback: Unload 00007ffbf0fd0000 LB 0x00016000 C:\Windows\System32\devrtl.DLL [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy