VirtualBox

Ticket #17129: VBoxHardening.log

File VBoxHardening.log, 396.7 KB (added by granter1, 7 years ago)
Line 
12474.211c: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03ad700
22474.211c: \SystemRoot\System32\ntdll.dll:
32474.211c: CreationTime: 2017-09-18T14:26:39.656160800Z
42474.211c: LastWriteTime: 2017-09-05T05:26:19.169608500Z
52474.211c: ChangeTime: 2017-09-19T11:00:07.367406500Z
62474.211c: FileAttributes: 0x20
72474.211c: Size: 0x1d7658
82474.211c: NT Headers: 0xe0
92474.211c: Timestamp: 0x8274fd8b
102474.211c: Machine: 0x8664 - amd64
112474.211c: Timestamp: 0x8274fd8b
122474.211c: Image Version: 10.0
132474.211c: SizeOfImage: 0x1db000 (1945600)
142474.211c: Resource Dir: 0x170000 LB 0x69448
152474.211c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162474.211c: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172474.211c: ProductName: Microsoft® Windows® Operating System
182474.211c: ProductVersion: 10.0.15063.608
192474.211c: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
202474.211c: FileDescription: NT Layer DLL
212474.211c: \SystemRoot\System32\kernel32.dll:
222474.211c: CreationTime: 2017-05-10T11:55:02.222932100Z
232474.211c: LastWriteTime: 2017-04-28T01:06:01.409897400Z
242474.211c: ChangeTime: 2017-09-18T14:44:34.988898900Z
252474.211c: FileAttributes: 0x20
262474.211c: Size: 0xad068
272474.211c: NT Headers: 0xf8
282474.211c: Timestamp: 0xf5fa43df
292474.211c: Machine: 0x8664 - amd64
302474.211c: Timestamp: 0xf5fa43df
312474.211c: Image Version: 10.0
322474.211c: SizeOfImage: 0xae000 (712704)
332474.211c: Resource Dir: 0xac000 LB 0x520
342474.211c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352474.211c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362474.211c: ProductName: Microsoft® Windows® Operating System
372474.211c: ProductVersion: 10.0.15063.296
382474.211c: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
392474.211c: FileDescription: Windows NT BASE API Client DLL
402474.211c: \SystemRoot\System32\KernelBase.dll:
412474.211c: CreationTime: 2017-09-18T14:27:12.219330600Z
422474.211c: LastWriteTime: 2017-09-05T05:27:02.025776900Z
432474.211c: ChangeTime: 2017-09-19T11:00:01.273556600Z
442474.211c: FileAttributes: 0x20
452474.211c: Size: 0x249df0
462474.211c: NT Headers: 0x100
472474.211c: Timestamp: 0x943cbf8b
482474.211c: Machine: 0x8664 - amd64
492474.211c: Timestamp: 0x943cbf8b
502474.211c: Image Version: 10.0
512474.211c: SizeOfImage: 0x249000 (2396160)
522474.211c: Resource Dir: 0x22a000 LB 0x548
532474.211c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542474.211c: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552474.211c: ProductName: Microsoft® Windows® Operating System
562474.211c: ProductVersion: 10.0.15063.608
572474.211c: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
582474.211c: FileDescription: Windows NT BASE API Client DLL
592474.211c: \SystemRoot\System32\apisetschema.dll:
602474.211c: CreationTime: 2017-03-18T20:57:35.373527900Z
612474.211c: LastWriteTime: 2017-03-18T20:57:35.373527900Z
622474.211c: ChangeTime: 2017-05-10T05:50:00.839173100Z
632474.211c: FileAttributes: 0x20
642474.211c: Size: 0x1ada0
652474.211c: NT Headers: 0xc0
662474.211c: Timestamp: 0x76544b2
672474.211c: Machine: 0x8664 - amd64
682474.211c: Timestamp: 0x76544b2
692474.211c: Image Version: 10.0
702474.211c: SizeOfImage: 0x1b000 (110592)
712474.211c: Resource Dir: 0x1a000 LB 0x408
722474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732474.211c: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742474.211c: ProductName: Microsoft® Windows® Operating System
752474.211c: ProductVersion: 10.0.15063.0
762474.211c: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
772474.211c: FileDescription: ApiSet Schema DLL
782474.211c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792474.211c: supR3HardenedWinFindAdversaries: 0x84
802474.211c: \SystemRoot\System32\drivers\aswHwid.sys:
812474.211c: CreationTime: 2015-07-27T02:30:37.789939900Z
822474.211c: LastWriteTime: 2017-09-01T22:49:54.319854300Z
832474.211c: ChangeTime: 2017-09-01T22:50:30.123504000Z
842474.211c: FileAttributes: 0x20
852474.211c: Size: 0xb7a8
862474.211c: NT Headers: 0xe8
872474.211c: Timestamp: 0x599c71bd
882474.211c: Machine: 0x8664 - amd64
892474.211c: Timestamp: 0x599c71bd
902474.211c: Image Version: 6.0
912474.211c: SizeOfImage: 0xa000 (40960)
922474.211c: Resource Dir: 0x8000 LB 0x388
932474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
942474.211c: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
952474.211c: ProductName: Avast Antivirus
962474.211c: ProductVersion: 17.6.3614.0
972474.211c: FileVersion: 17.6.3614.0
982474.211c: FileDescription: Avast HWID
992474.211c: \SystemRoot\System32\drivers\aswMonFlt.sys:
1002474.211c: CreationTime: 2015-07-27T02:30:37.793940000Z
1012474.211c: LastWriteTime: 2017-09-01T22:49:54.495483100Z
1022474.211c: ChangeTime: 2017-09-01T22:50:30.124506600Z
1032474.211c: FileAttributes: 0x20
1042474.211c: Size: 0x24148
1052474.211c: NT Headers: 0xe0
1062474.211c: Timestamp: 0x599c746f
1072474.211c: Machine: 0x8664 - amd64
1082474.211c: Timestamp: 0x599c746f
1092474.211c: Image Version: 6.0
1102474.211c: SizeOfImage: 0x28000 (163840)
1112474.211c: Resource Dir: 0x26000 LB 0x3b0
1122474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132474.211c: [Raw version resource data: 0x26060 LB 0x34c, codepage 0x0 (reserved 0x0)]
1142474.211c: ProductName: Avast Antivirus
1152474.211c: ProductVersion: 17.6.3614.0
1162474.211c: FileVersion: 17.6.3614.0
1172474.211c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
1182474.211c: \SystemRoot\System32\drivers\aswRdr2.sys:
1192474.211c: CreationTime: 2015-07-27T02:30:37.785942200Z
1202474.211c: LastWriteTime: 2017-09-01T22:49:53.126991400Z
1212474.211c: ChangeTime: 2017-09-01T22:50:30.126506200Z
1222474.211c: FileAttributes: 0x20
1232474.211c: Size: 0x1af28
1242474.211c: NT Headers: 0xf0
1252474.211c: Timestamp: 0x599c71d4
1262474.211c: Machine: 0x8664 - amd64
1272474.211c: Timestamp: 0x599c71d4
1282474.211c: Image Version: 6.1
1292474.211c: SizeOfImage: 0x1a000 (106496)
1302474.211c: Resource Dir: 0x18000 LB 0x398
1312474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322474.211c: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
1332474.211c: ProductName: Avast Antivirus
1342474.211c: ProductVersion: 17.6.3614.0
1352474.211c: FileVersion: 17.6.3614.0 built by: WinDDK
1362474.211c: FileDescription: Avast WFP Redirect Driver
1372474.211c: \SystemRoot\System32\drivers\aswRvrt.sys:
1382474.211c: CreationTime: 2015-07-27T02:30:37.801940500Z
1392474.211c: LastWriteTime: 2017-09-01T22:49:54.573033100Z
1402474.211c: ChangeTime: 2017-09-01T22:50:30.127507300Z
1412474.211c: FileAttributes: 0x20
1422474.211c: Size: 0x149c0
1432474.211c: NT Headers: 0xf0
1442474.211c: Timestamp: 0x599c71bf
1452474.211c: Machine: 0x8664 - amd64
1462474.211c: Timestamp: 0x599c71bf
1472474.211c: Image Version: 6.0
1482474.211c: SizeOfImage: 0x13000 (77824)
1492474.211c: Resource Dir: 0x11000 LB 0x388
1502474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1512474.211c: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
1522474.211c: ProductName: Avast Antivirus
1532474.211c: ProductVersion: 17.6.3614.0
1542474.211c: FileVersion: 17.6.3614.0
1552474.211c: FileDescription: Avast Revert
1562474.211c: \SystemRoot\System32\drivers\aswSnx.sys:
1572474.211c: CreationTime: 2015-07-27T02:30:37.741936100Z
1582474.211c: LastWriteTime: 2017-09-01T22:48:59.334700200Z
1592474.211c: ChangeTime: 2017-09-01T22:50:30.128512700Z
1602474.211c: FileAttributes: 0x20
1612474.211c: Size: 0xf8240
1622474.211c: NT Headers: 0xe8
1632474.211c: Timestamp: 0x599c71d4
1642474.211c: Machine: 0x8664 - amd64
1652474.211c: Timestamp: 0x599c71d4
1662474.211c: Image Version: 6.0
1672474.211c: SizeOfImage: 0xf6000 (1007616)
1682474.211c: Resource Dir: 0xee000 LB 0x378
1692474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1702474.211c: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
1712474.211c: ProductName: Avast Antivirus
1722474.211c: ProductVersion: 17.6.3614.0
1732474.211c: FileVersion: 17.6.3614.0
1742474.211c: FileDescription: Avast Virtualization Driver
1752474.211c: \SystemRoot\System32\drivers\aswsp.sys:
1762474.211c: CreationTime: 2015-07-27T02:30:37.805941500Z
1772474.211c: LastWriteTime: 2017-09-01T22:49:54.863239600Z
1782474.211c: ChangeTime: 2017-09-01T22:50:30.129011400Z
1792474.211c: FileAttributes: 0x20
1802474.211c: Size: 0x90420
1812474.211c: NT Headers: 0xe0
1822474.211c: Timestamp: 0x599c7487
1832474.211c: Machine: 0x8664 - amd64
1842474.211c: Timestamp: 0x599c7487
1852474.211c: Image Version: 6.0
1862474.211c: SizeOfImage: 0xb4000 (737280)
1872474.211c: Resource Dir: 0xb2000 LB 0x370
1882474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1892474.211c: [Raw version resource data: 0xb2060 LB 0x310, codepage 0x0 (reserved 0x0)]
1902474.211c: ProductName: Avast Antivirus
1912474.211c: ProductVersion: 17.6.3614.0
1922474.211c: FileVersion: 17.6.3614.0
1932474.211c: FileDescription: Avast self protection module
1942474.211c: \SystemRoot\System32\drivers\aswStm.sys:
1952474.211c: CreationTime: 2015-07-27T02:30:37.813942100Z
1962474.211c: LastWriteTime: 2017-09-18T13:45:31.052462000Z
1972474.211c: ChangeTime: 2017-09-18T13:45:31.052462000Z
1982474.211c: FileAttributes: 0x20
1992474.211c: Size: 0x30a90
2002474.211c: NT Headers: 0x100
2012474.211c: Timestamp: 0x59bbeacf
2022474.211c: Machine: 0x8664 - amd64
2032474.211c: Timestamp: 0x59bbeacf
2042474.211c: Image Version: 10.0
2052474.211c: SizeOfImage: 0x31000 (200704)
2062474.211c: Resource Dir: 0x2f000 LB 0x358
2072474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
2082474.211c: [Raw version resource data: 0x2f060 LB 0x2f8, codepage 0x0 (reserved 0x0)]
2092474.211c: ProductName: Avast Antivirus
2102474.211c: ProductVersion: 17.6.3625.214
2112474.211c: FileVersion: 17.6.3625.214
2122474.211c: FileDescription: Stream Filter
2132474.211c: \SystemRoot\System32\drivers\aswVmm.sys:
2142474.211c: CreationTime: 2015-07-27T02:30:37.809942000Z
2152474.211c: LastWriteTime: 2017-09-25T18:20:06.751876000Z
2162474.211c: ChangeTime: 2017-09-25T18:20:06.751876000Z
2172474.211c: FileAttributes: 0x20
2182474.211c: Size: 0x58538
2192474.211c: NT Headers: 0xf0
2202474.211c: Timestamp: 0x59c26b61
2212474.211c: Machine: 0x8664 - amd64
2222474.211c: Timestamp: 0x59c26b61
2232474.211c: Image Version: 6.0
2242474.211c: SizeOfImage: 0x57000 (356352)
2252474.211c: Resource Dir: 0x54000 LB 0x398
2262474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2272474.211c: [Raw version resource data: 0x54060 LB 0x338, codepage 0x0 (reserved 0x0)]
2282474.211c: ProductName: Avast Antivirus
2292474.211c: ProductVersion: 17.6.3625.220
2302474.211c: FileVersion: 17.6.3625.220
2312474.211c: FileDescription: Avast VM Monitor
2322474.211c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
2332474.211c: CreationTime: 2015-08-01T11:04:08.001612800Z
2342474.211c: LastWriteTime: 2016-02-23T16:17:19.174171800Z
2352474.211c: ChangeTime: 2017-05-09T21:30:31.488258700Z
2362474.211c: FileAttributes: 0x20
2372474.211c: Size: 0x1bcd8
2382474.211c: NT Headers: 0xe8
2392474.211c: Timestamp: 0x552c190f
2402474.211c: Machine: 0x8664 - amd64
2412474.211c: Timestamp: 0x552c190f
2422474.211c: Image Version: 6.1
2432474.211c: SizeOfImage: 0x21000 (135168)
2442474.211c: Resource Dir: 0x1f000 LB 0x3f0
2452474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2462474.211c: [Raw version resource data: 0x1f060 LB 0x38c, codepage 0x0 (reserved 0x0)]
2472474.211c: ProductName: Malwarebytes Anti-Malware
2482474.211c: ProductVersion: 0.2.22.0
2492474.211c: FileVersion: 0.2.22.0
2502474.211c: FileDescription: Malwarebytes Anti-Malware
2512474.211c: \SystemRoot\System32\drivers\mwac.sys:
2522474.211c: CreationTime: 2015-08-01T11:03:56.164226200Z
2532474.211c: LastWriteTime: 2015-06-18T07:42:02.000000000Z
2542474.211c: ChangeTime: 2017-05-09T21:30:31.488258700Z
2552474.211c: FileAttributes: 0x20
2562474.211c: Size: 0xfad8
2572474.211c: NT Headers: 0xe0
2582474.211c: Timestamp: 0x53a0f444
2592474.211c: Machine: 0x8664 - amd64
2602474.211c: Timestamp: 0x53a0f444
2612474.211c: Image Version: 6.2
2622474.211c: SizeOfImage: 0x13000 (77824)
2632474.211c: Resource Dir: 0x11000 LB 0x3e0
2642474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2652474.211c: [Raw version resource data: 0x11060 LB 0x37c, codepage 0x0 (reserved 0x0)]
2662474.211c: ProductName: Malwarebytes Web Access Control
2672474.211c: ProductVersion: 1.0.6.0
2682474.211c: FileVersion: 1.0.6.0
2692474.211c: FileDescription: Malwarebytes Web Access Control
2702474.211c: \SystemRoot\System32\drivers\mbamchameleon.sys:
2712474.211c: CreationTime: 2015-08-01T11:03:56.179851300Z
2722474.211c: LastWriteTime: 2015-06-18T07:41:44.000000000Z
2732474.211c: ChangeTime: 2017-05-09T21:30:31.488258700Z
2742474.211c: FileAttributes: 0x20
2752474.211c: Size: 0x1aad8
2762474.211c: NT Headers: 0xd8
2772474.211c: Timestamp: 0x554cf757
2782474.211c: Machine: 0x8664 - amd64
2792474.211c: Timestamp: 0x554cf757
2802474.211c: Image Version: 6.1
2812474.211c: SizeOfImage: 0x1e000 (122880)
2822474.211c: Resource Dir: 0x1c000 LB 0xbd8
2832474.211c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2842474.211c: [Raw version resource data: 0x1c830 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2852474.211c: ProductName: Malwarebytes Chameleon
2862474.211c: ProductVersion: 1.1.20.0
2872474.211c: FileVersion: 1.1.20.0
2882474.211c: FileDescription: Malwarebytes Chameleon Protection Driver
2892474.211c: \SystemRoot\System32\drivers\mbam.sys:
2902474.211c: CreationTime: 2015-08-01T11:03:56.164226200Z
2912474.211c: LastWriteTime: 2015-06-18T07:41:40.000000000Z
2922474.211c: ChangeTime: 2017-05-09T21:30:31.488258700Z
2932474.211c: FileAttributes: 0x20
2942474.211c: Size: 0x64d8
2952474.211c: NT Headers: 0xd8
2962474.211c: Timestamp: 0x540754e1
2972474.211c: Machine: 0x8664 - amd64
2982474.211c: Timestamp: 0x540754e1
2992474.211c: Image Version: 6.1
3002474.211c: SizeOfImage: 0xa000 (40960)
3012474.211c: Resource Dir: 0x8000 LB 0x3d0
3022474.211c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3032474.211c: [Raw version resource data: 0x8060 LB 0x36c, codepage 0x0 (reserved 0x0)]
3042474.211c: ProductName: Malwarebytes Anti-Malware
3052474.211c: ProductVersion: 0.1.15.0
3062474.211c: FileVersion: 0.1.15.0
3072474.211c: FileDescription: Malwarebytes Anti-Malware
3082474.211c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3092474.211c: Calling main()
3102474.211c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3112474.211c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3122474.211c: SUPR3HardenedMain: Respawn #1
3132474.211c: System32: \Device\HarddiskVolume4\Windows\System32
3142474.211c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3152474.211c: KnownDllPath: C:\WINDOWS\System32
3162474.211c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3172474.211c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3182474.211c: supR3HardNtEnableThreadCreation:
3192474.211c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1b159ac0 pvNtTerminateThread=00007ffe1b185df0
3202474.211c: supR3HardenedWinDoReSpawn(1): New child 2dd4.2a64 [kernel32].
3212474.211c: supR3HardNtChildGatherData: PebBaseAddress=00000000009a4000 cbPeb=0x388
3222474.211c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1b0e0000 uNtDllChildAddr=00007ffe1b0e0000
3232474.211c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1b159ac0
3242474.211c: supR3HardenedWinSetupChildInit: Start child.
3252474.211c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3262474.211c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
3272474.211c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3282474.211c: *0000000000000000-000000000072ffff 0x0001/0x0000 0x0000000
3292474.211c: *0000000000730000-000000000074ffff 0x0004/0x0004 0x0020000
3302474.211c: *0000000000750000-0000000000767fff 0x0002/0x0002 0x0040000
3312474.211c: 0000000000768000-000000000076ffff 0x0001/0x0000 0x0000000
3322474.211c: *0000000000770000-0000000000773fff 0x0002/0x0002 0x0040000
3332474.211c: 0000000000774000-000000000077ffff 0x0001/0x0000 0x0000000
3342474.211c: *0000000000780000-0000000000780fff 0x0004/0x0004 0x0020000
3352474.211c: 0000000000781000-00000000007fffff 0x0001/0x0000 0x0000000
3362474.211c: *0000000000800000-00000000009a3fff 0x0000/0x0004 0x0020000
3372474.211c: 00000000009a4000-00000000009a6fff 0x0004/0x0004 0x0020000
3382474.211c: 00000000009a7000-00000000009fffff 0x0000/0x0004 0x0020000
3392474.211c: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000
3402474.211c: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000
3412474.211c: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000
3422474.211c: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000
3432474.211c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3442474.211c: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3452474.211c: 000000007fff0000-00007ff62757ffff 0x0001/0x0000 0x0000000
3462474.211c: *00007ff627580000-00007ff6275a2fff 0x0002/0x0002 0x0040000
3472474.211c: 00007ff6275a3000-00007ff62802ffff 0x0001/0x0000 0x0000000
3482474.211c: *00007ff628030000-00007ff628030fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3492474.211c: 00007ff628031000-00007ff6280a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3502474.211c: 00007ff6280a1000-00007ff6280a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3512474.211c: 00007ff6280a2000-00007ff6280e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3522474.211c: 00007ff6280e8000-00007ff6280e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3532474.211c: 00007ff6280e9000-00007ff6280e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3542474.211c: 00007ff6280ea000-00007ff6280eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3552474.211c: 00007ff6280ef000-00007ff6280effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3562474.211c: 00007ff6280f0000-00007ff6280f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3572474.211c: 00007ff6280f1000-00007ff6280f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3582474.211c: 00007ff6280f5000-00007ff62813cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
3592474.211c: 00007ff62813d000-00007ffe1b0dffff 0x0001/0x0000 0x0000000
3602474.211c: *00007ffe1b0e0000-00007ffe1b0e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3612474.211c: 00007ffe1b0e1000-00007ffe1b1effff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3622474.211c: 00007ffe1b1f0000-00007ffe1b234fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3632474.211c: 00007ffe1b235000-00007ffe1b23cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3642474.211c: 00007ffe1b23d000-00007ffe1b24afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3652474.211c: 00007ffe1b24b000-00007ffe1b24bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3662474.211c: 00007ffe1b24c000-00007ffe1b24efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3672474.211c: 00007ffe1b24f000-00007ffe1b2bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3682474.211c: 00007ffe1b2bb000-00007ffffffdffff 0x0001/0x0000 0x0000000
3692474.211c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3702474.211c: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
3712474.211c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3722474.211c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3732474.211c: supR3HardNtChildPurify: Done after 672 ms and 0 fixes (loop #0).
3742474.211c: supR3HardNtEnableThreadCreation:
3752dd4.2a64: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
3762dd4.2a64: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1b0e0000 g_uNtVerCombined=0xa03ad700
3772dd4.2a64: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
3782dd4.2a64: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1945600 allocation)
3792dd4.2a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
3802dd4.2a64: System32: \Device\HarddiskVolume4\Windows\System32
3812dd4.2a64: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
3822dd4.2a64: KnownDllPath: C:\WINDOWS\System32
3832dd4.2a64: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3842dd4.2a64: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3852dd4.2a64: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3862dd4.2a64: Registered Dll notification callback with NTDLL.
3872dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
3882dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
3892dd4.2a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3902dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe17830000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3912dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
3922dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
3932dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe19bf0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3942dd4.2a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3952dd4.2a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\KERNEL32.DLL'
3962dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ff628030000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3972dd4.2a64: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3982dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3992dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
4002dd4.2a64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1b159ac0 pvNtTerminateThread=00007ffe1b185df0
4012474.211c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 468 ms.
4022dd4.2a64: \SystemRoot\System32\ntdll.dll:
4032dd4.2a64: CreationTime: 2017-09-18T14:26:39.656160800Z
4042dd4.2a64: LastWriteTime: 2017-09-05T05:26:19.169608500Z
4052dd4.2a64: ChangeTime: 2017-09-19T11:00:07.367406500Z
4062dd4.2a64: FileAttributes: 0x20
4072dd4.2a64: Size: 0x1d7658
4082dd4.2a64: NT Headers: 0xe0
4092dd4.2a64: Timestamp: 0x8274fd8b
4102dd4.2a64: Machine: 0x8664 - amd64
4112dd4.2a64: Timestamp: 0x8274fd8b
4122dd4.2a64: Image Version: 10.0
4132dd4.2a64: SizeOfImage: 0x1db000 (1945600)
4142dd4.2a64: Resource Dir: 0x170000 LB 0x69448
4152dd4.2a64: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4162dd4.2a64: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4172dd4.2a64: ProductName: Microsoft® Windows® Operating System
4182dd4.2a64: ProductVersion: 10.0.15063.608
4192dd4.2a64: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
4202dd4.2a64: FileDescription: NT Layer DLL
4212dd4.2a64: \SystemRoot\System32\kernel32.dll:
4222dd4.2a64: CreationTime: 2017-05-10T11:55:02.222932100Z
4232dd4.2a64: LastWriteTime: 2017-04-28T01:06:01.409897400Z
4242dd4.2a64: ChangeTime: 2017-09-18T14:44:34.988898900Z
4252dd4.2a64: FileAttributes: 0x20
4262dd4.2a64: Size: 0xad068
4272dd4.2a64: NT Headers: 0xf8
4282dd4.2a64: Timestamp: 0xf5fa43df
4292dd4.2a64: Machine: 0x8664 - amd64
4302dd4.2a64: Timestamp: 0xf5fa43df
4312dd4.2a64: Image Version: 10.0
4322dd4.2a64: SizeOfImage: 0xae000 (712704)
4332dd4.2a64: Resource Dir: 0xac000 LB 0x520
4342dd4.2a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4352dd4.2a64: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4362dd4.2a64: ProductName: Microsoft® Windows® Operating System
4372dd4.2a64: ProductVersion: 10.0.15063.296
4382dd4.2a64: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
4392dd4.2a64: FileDescription: Windows NT BASE API Client DLL
4402dd4.2a64: \SystemRoot\System32\KernelBase.dll:
4412dd4.2a64: CreationTime: 2017-09-18T14:27:12.219330600Z
4422dd4.2a64: LastWriteTime: 2017-09-05T05:27:02.025776900Z
4432dd4.2a64: ChangeTime: 2017-09-19T11:00:01.273556600Z
4442dd4.2a64: FileAttributes: 0x20
4452dd4.2a64: Size: 0x249df0
4462dd4.2a64: NT Headers: 0x100
4472dd4.2a64: Timestamp: 0x943cbf8b
4482dd4.2a64: Machine: 0x8664 - amd64
4492dd4.2a64: Timestamp: 0x943cbf8b
4502dd4.2a64: Image Version: 10.0
4512dd4.2a64: SizeOfImage: 0x249000 (2396160)
4522dd4.2a64: Resource Dir: 0x22a000 LB 0x548
4532dd4.2a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4542dd4.2a64: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4552dd4.2a64: ProductName: Microsoft® Windows® Operating System
4562dd4.2a64: ProductVersion: 10.0.15063.608
4572dd4.2a64: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
4582dd4.2a64: FileDescription: Windows NT BASE API Client DLL
4592dd4.2a64: \SystemRoot\System32\apisetschema.dll:
4602dd4.2a64: CreationTime: 2017-03-18T20:57:35.373527900Z
4612dd4.2a64: LastWriteTime: 2017-03-18T20:57:35.373527900Z
4622dd4.2a64: ChangeTime: 2017-05-10T05:50:00.839173100Z
4632dd4.2a64: FileAttributes: 0x20
4642dd4.2a64: Size: 0x1ada0
4652dd4.2a64: NT Headers: 0xc0
4662dd4.2a64: Timestamp: 0x76544b2
4672dd4.2a64: Machine: 0x8664 - amd64
4682dd4.2a64: Timestamp: 0x76544b2
4692dd4.2a64: Image Version: 10.0
4702dd4.2a64: SizeOfImage: 0x1b000 (110592)
4712dd4.2a64: Resource Dir: 0x1a000 LB 0x408
4722dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4732dd4.2a64: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4742dd4.2a64: ProductName: Microsoft® Windows® Operating System
4752dd4.2a64: ProductVersion: 10.0.15063.0
4762dd4.2a64: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
4772dd4.2a64: FileDescription: ApiSet Schema DLL
4782dd4.2a64: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4792dd4.2a64: supR3HardenedWinFindAdversaries: 0x84
4802dd4.2a64: \SystemRoot\System32\drivers\aswHwid.sys:
4812dd4.2a64: CreationTime: 2015-07-27T02:30:37.789939900Z
4822dd4.2a64: LastWriteTime: 2017-09-01T22:49:54.319854300Z
4832dd4.2a64: ChangeTime: 2017-09-01T22:50:30.123504000Z
4842dd4.2a64: FileAttributes: 0x20
4852dd4.2a64: Size: 0xb7a8
4862dd4.2a64: NT Headers: 0xe8
4872dd4.2a64: Timestamp: 0x599c71bd
4882dd4.2a64: Machine: 0x8664 - amd64
4892dd4.2a64: Timestamp: 0x599c71bd
4902dd4.2a64: Image Version: 6.0
4912dd4.2a64: SizeOfImage: 0xa000 (40960)
4922dd4.2a64: Resource Dir: 0x8000 LB 0x388
4932dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4942dd4.2a64: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
4952dd4.2a64: ProductName: Avast Antivirus
4962dd4.2a64: ProductVersion: 17.6.3614.0
4972dd4.2a64: FileVersion: 17.6.3614.0
4982dd4.2a64: FileDescription: Avast HWID
4992dd4.2a64: \SystemRoot\System32\drivers\aswMonFlt.sys:
5002dd4.2a64: CreationTime: 2015-07-27T02:30:37.793940000Z
5012dd4.2a64: LastWriteTime: 2017-09-01T22:49:54.495483100Z
5022dd4.2a64: ChangeTime: 2017-09-01T22:50:30.124506600Z
5032dd4.2a64: FileAttributes: 0x20
5042dd4.2a64: Size: 0x24148
5052dd4.2a64: NT Headers: 0xe0
5062dd4.2a64: Timestamp: 0x599c746f
5072dd4.2a64: Machine: 0x8664 - amd64
5082dd4.2a64: Timestamp: 0x599c746f
5092dd4.2a64: Image Version: 6.0
5102dd4.2a64: SizeOfImage: 0x28000 (163840)
5112dd4.2a64: Resource Dir: 0x26000 LB 0x3b0
5122dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5132dd4.2a64: [Raw version resource data: 0x26060 LB 0x34c, codepage 0x0 (reserved 0x0)]
5142dd4.2a64: ProductName: Avast Antivirus
5152dd4.2a64: ProductVersion: 17.6.3614.0
5162dd4.2a64: FileVersion: 17.6.3614.0
5172dd4.2a64: FileDescription: Avast File System Minifilter for Windows 2003/Vista
5182dd4.2a64: \SystemRoot\System32\drivers\aswRdr2.sys:
5192dd4.2a64: CreationTime: 2015-07-27T02:30:37.785942200Z
5202dd4.2a64: LastWriteTime: 2017-09-01T22:49:53.126991400Z
5212dd4.2a64: ChangeTime: 2017-09-01T22:50:30.126506200Z
5222dd4.2a64: FileAttributes: 0x20
5232dd4.2a64: Size: 0x1af28
5242dd4.2a64: NT Headers: 0xf0
5252dd4.2a64: Timestamp: 0x599c71d4
5262dd4.2a64: Machine: 0x8664 - amd64
5272dd4.2a64: Timestamp: 0x599c71d4
5282dd4.2a64: Image Version: 6.1
5292dd4.2a64: SizeOfImage: 0x1a000 (106496)
5302dd4.2a64: Resource Dir: 0x18000 LB 0x398
5312dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5322dd4.2a64: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
5332dd4.2a64: ProductName: Avast Antivirus
5342dd4.2a64: ProductVersion: 17.6.3614.0
5352dd4.2a64: FileVersion: 17.6.3614.0 built by: WinDDK
5362dd4.2a64: FileDescription: Avast WFP Redirect Driver
5372dd4.2a64: \SystemRoot\System32\drivers\aswRvrt.sys:
5382dd4.2a64: CreationTime: 2015-07-27T02:30:37.801940500Z
5392dd4.2a64: LastWriteTime: 2017-09-01T22:49:54.573033100Z
5402dd4.2a64: ChangeTime: 2017-09-01T22:50:30.127507300Z
5412dd4.2a64: FileAttributes: 0x20
5422dd4.2a64: Size: 0x149c0
5432dd4.2a64: NT Headers: 0xf0
5442dd4.2a64: Timestamp: 0x599c71bf
5452dd4.2a64: Machine: 0x8664 - amd64
5462dd4.2a64: Timestamp: 0x599c71bf
5472dd4.2a64: Image Version: 6.0
5482dd4.2a64: SizeOfImage: 0x13000 (77824)
5492dd4.2a64: Resource Dir: 0x11000 LB 0x388
5502dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5512dd4.2a64: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
5522dd4.2a64: ProductName: Avast Antivirus
5532dd4.2a64: ProductVersion: 17.6.3614.0
5542dd4.2a64: FileVersion: 17.6.3614.0
5552dd4.2a64: FileDescription: Avast Revert
5562dd4.2a64: \SystemRoot\System32\drivers\aswSnx.sys:
5572dd4.2a64: CreationTime: 2015-07-27T02:30:37.741936100Z
5582dd4.2a64: LastWriteTime: 2017-09-01T22:48:59.334700200Z
5592dd4.2a64: ChangeTime: 2017-09-01T22:50:30.128512700Z
5602dd4.2a64: FileAttributes: 0x20
5612dd4.2a64: Size: 0xf8240
5622dd4.2a64: NT Headers: 0xe8
5632dd4.2a64: Timestamp: 0x599c71d4
5642dd4.2a64: Machine: 0x8664 - amd64
5652dd4.2a64: Timestamp: 0x599c71d4
5662dd4.2a64: Image Version: 6.0
5672dd4.2a64: SizeOfImage: 0xf6000 (1007616)
5682dd4.2a64: Resource Dir: 0xee000 LB 0x378
5692dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5702dd4.2a64: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
5712dd4.2a64: ProductName: Avast Antivirus
5722dd4.2a64: ProductVersion: 17.6.3614.0
5732dd4.2a64: FileVersion: 17.6.3614.0
5742dd4.2a64: FileDescription: Avast Virtualization Driver
5752dd4.2a64: \SystemRoot\System32\drivers\aswsp.sys:
5762dd4.2a64: CreationTime: 2015-07-27T02:30:37.805941500Z
5772dd4.2a64: LastWriteTime: 2017-09-01T22:49:54.863239600Z
5782dd4.2a64: ChangeTime: 2017-09-01T22:50:30.129011400Z
5792dd4.2a64: FileAttributes: 0x20
5802dd4.2a64: Size: 0x90420
5812dd4.2a64: NT Headers: 0xe0
5822dd4.2a64: Timestamp: 0x599c7487
5832dd4.2a64: Machine: 0x8664 - amd64
5842dd4.2a64: Timestamp: 0x599c7487
5852dd4.2a64: Image Version: 6.0
5862dd4.2a64: SizeOfImage: 0xb4000 (737280)
5872dd4.2a64: Resource Dir: 0xb2000 LB 0x370
5882dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5892dd4.2a64: [Raw version resource data: 0xb2060 LB 0x310, codepage 0x0 (reserved 0x0)]
5902dd4.2a64: ProductName: Avast Antivirus
5912dd4.2a64: ProductVersion: 17.6.3614.0
5922dd4.2a64: FileVersion: 17.6.3614.0
5932dd4.2a64: FileDescription: Avast self protection module
5942dd4.2a64: \SystemRoot\System32\drivers\aswStm.sys:
5952dd4.2a64: CreationTime: 2015-07-27T02:30:37.813942100Z
5962dd4.2a64: LastWriteTime: 2017-09-18T13:45:31.052462000Z
5972dd4.2a64: ChangeTime: 2017-09-18T13:45:31.052462000Z
5982dd4.2a64: FileAttributes: 0x20
5992dd4.2a64: Size: 0x30a90
6002dd4.2a64: NT Headers: 0x100
6012dd4.2a64: Timestamp: 0x59bbeacf
6022dd4.2a64: Machine: 0x8664 - amd64
6032dd4.2a64: Timestamp: 0x59bbeacf
6042dd4.2a64: Image Version: 10.0
6052dd4.2a64: SizeOfImage: 0x31000 (200704)
6062dd4.2a64: Resource Dir: 0x2f000 LB 0x358
6072dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
6082dd4.2a64: [Raw version resource data: 0x2f060 LB 0x2f8, codepage 0x0 (reserved 0x0)]
6092dd4.2a64: ProductName: Avast Antivirus
6102dd4.2a64: ProductVersion: 17.6.3625.214
6112dd4.2a64: FileVersion: 17.6.3625.214
6122dd4.2a64: FileDescription: Stream Filter
6132dd4.2a64: \SystemRoot\System32\drivers\aswVmm.sys:
6142dd4.2a64: CreationTime: 2015-07-27T02:30:37.809942000Z
6152dd4.2a64: LastWriteTime: 2017-09-25T18:20:06.751876000Z
6162dd4.2a64: ChangeTime: 2017-09-25T18:20:06.751876000Z
6172dd4.2a64: FileAttributes: 0x20
6182dd4.2a64: Size: 0x58538
6192dd4.2a64: NT Headers: 0xf0
6202dd4.2a64: Timestamp: 0x59c26b61
6212dd4.2a64: Machine: 0x8664 - amd64
6222dd4.2a64: Timestamp: 0x59c26b61
6232dd4.2a64: Image Version: 6.0
6242dd4.2a64: SizeOfImage: 0x57000 (356352)
6252dd4.2a64: Resource Dir: 0x54000 LB 0x398
6262dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6272dd4.2a64: [Raw version resource data: 0x54060 LB 0x338, codepage 0x0 (reserved 0x0)]
6282dd4.2a64: ProductName: Avast Antivirus
6292dd4.2a64: ProductVersion: 17.6.3625.220
6302dd4.2a64: FileVersion: 17.6.3625.220
6312dd4.2a64: FileDescription: Avast VM Monitor
6322dd4.2a64: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
6332dd4.2a64: CreationTime: 2015-08-01T11:04:08.001612800Z
6342dd4.2a64: LastWriteTime: 2016-02-23T16:17:19.174171800Z
6352dd4.2a64: ChangeTime: 2017-05-09T21:30:31.488258700Z
6362dd4.2a64: FileAttributes: 0x20
6372dd4.2a64: Size: 0x1bcd8
6382dd4.2a64: NT Headers: 0xe8
6392dd4.2a64: Timestamp: 0x552c190f
6402dd4.2a64: Machine: 0x8664 - amd64
6412dd4.2a64: Timestamp: 0x552c190f
6422dd4.2a64: Image Version: 6.1
6432dd4.2a64: SizeOfImage: 0x21000 (135168)
6442dd4.2a64: Resource Dir: 0x1f000 LB 0x3f0
6452dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6462dd4.2a64: [Raw version resource data: 0x1f060 LB 0x38c, codepage 0x0 (reserved 0x0)]
6472dd4.2a64: ProductName: Malwarebytes Anti-Malware
6482dd4.2a64: ProductVersion: 0.2.22.0
6492dd4.2a64: FileVersion: 0.2.22.0
6502dd4.2a64: FileDescription: Malwarebytes Anti-Malware
6512dd4.2a64: \SystemRoot\System32\drivers\mwac.sys:
6522dd4.2a64: CreationTime: 2015-08-01T11:03:56.164226200Z
6532dd4.2a64: LastWriteTime: 2015-06-18T07:42:02.000000000Z
6542dd4.2a64: ChangeTime: 2017-05-09T21:30:31.488258700Z
6552dd4.2a64: FileAttributes: 0x20
6562dd4.2a64: Size: 0xfad8
6572dd4.2a64: NT Headers: 0xe0
6582dd4.2a64: Timestamp: 0x53a0f444
6592dd4.2a64: Machine: 0x8664 - amd64
6602dd4.2a64: Timestamp: 0x53a0f444
6612dd4.2a64: Image Version: 6.2
6622dd4.2a64: SizeOfImage: 0x13000 (77824)
6632dd4.2a64: Resource Dir: 0x11000 LB 0x3e0
6642dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6652dd4.2a64: [Raw version resource data: 0x11060 LB 0x37c, codepage 0x0 (reserved 0x0)]
6662dd4.2a64: ProductName: Malwarebytes Web Access Control
6672dd4.2a64: ProductVersion: 1.0.6.0
6682dd4.2a64: FileVersion: 1.0.6.0
6692dd4.2a64: FileDescription: Malwarebytes Web Access Control
6702dd4.2a64: \SystemRoot\System32\drivers\mbamchameleon.sys:
6712dd4.2a64: CreationTime: 2015-08-01T11:03:56.179851300Z
6722dd4.2a64: LastWriteTime: 2015-06-18T07:41:44.000000000Z
6732dd4.2a64: ChangeTime: 2017-05-09T21:30:31.488258700Z
6742dd4.2a64: FileAttributes: 0x20
6752dd4.2a64: Size: 0x1aad8
6762dd4.2a64: NT Headers: 0xd8
6772dd4.2a64: Timestamp: 0x554cf757
6782dd4.2a64: Machine: 0x8664 - amd64
6792dd4.2a64: Timestamp: 0x554cf757
6802dd4.2a64: Image Version: 6.1
6812dd4.2a64: SizeOfImage: 0x1e000 (122880)
6822dd4.2a64: Resource Dir: 0x1c000 LB 0xbd8
6832dd4.2a64: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6842dd4.2a64: [Raw version resource data: 0x1c830 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6852dd4.2a64: ProductName: Malwarebytes Chameleon
6862dd4.2a64: ProductVersion: 1.1.20.0
6872dd4.2a64: FileVersion: 1.1.20.0
6882dd4.2a64: FileDescription: Malwarebytes Chameleon Protection Driver
6892dd4.2a64: \SystemRoot\System32\drivers\mbam.sys:
6902dd4.2a64: CreationTime: 2015-08-01T11:03:56.164226200Z
6912dd4.2a64: LastWriteTime: 2015-06-18T07:41:40.000000000Z
6922dd4.2a64: ChangeTime: 2017-05-09T21:30:31.488258700Z
6932dd4.2a64: FileAttributes: 0x20
6942dd4.2a64: Size: 0x64d8
6952dd4.2a64: NT Headers: 0xd8
6962dd4.2a64: Timestamp: 0x540754e1
6972dd4.2a64: Machine: 0x8664 - amd64
6982dd4.2a64: Timestamp: 0x540754e1
6992dd4.2a64: Image Version: 6.1
7002dd4.2a64: SizeOfImage: 0xa000 (40960)
7012dd4.2a64: Resource Dir: 0x8000 LB 0x3d0
7022dd4.2a64: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7032dd4.2a64: [Raw version resource data: 0x8060 LB 0x36c, codepage 0x0 (reserved 0x0)]
7042dd4.2a64: ProductName: Malwarebytes Anti-Malware
7052dd4.2a64: ProductVersion: 0.1.15.0
7062dd4.2a64: FileVersion: 0.1.15.0
7072dd4.2a64: FileDescription: Malwarebytes Anti-Malware
7082dd4.2a64: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7092dd4.2a64: Calling main()
7102dd4.2a64: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7112dd4.2a64: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
7122dd4.2a64: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7132dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7142dd4.2a64: SUPR3HardenedMain: Respawn #2
7152dd4.2a64: supR3HardNtEnableThreadCreation:
7162dd4.2a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7172dd4.2a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
7182dd4.2a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
7192dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
7202dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
7212dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7222dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7232dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
7242dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7252dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
7262dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
7272dd4.2a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
7282dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
7292dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
7302dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7312dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7322dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
7332dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
7342dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7352dd4.2a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7362dd4.2a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7372dd4.2a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
7382dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe18d80000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
7392dd4.2a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7402dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe18840000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
7412dd4.2a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7422dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe19900000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
7432dd4.2a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7442dd4.2a64: supR3HardenedDllNotificationCallback: load 00007ffe19390000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
7452dd4.2a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7462dd4.2a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19390000 'C:\WINDOWS\System32\ADVAPI32.DLL'
7472dd4.2a64: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
7482dd4.2a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
7492dd4.2a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7502dd4.2a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7512dd4.2a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1b0e0000 'C:\WINDOWS\System32\ntdll.dll'
7522dd4.2a64: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1b159ac0 pvNtTerminateThread=00007ffe1b185df0
7532dd4.2a64: supR3HardenedWinDoReSpawn(2): New child 2804.3a4 [kernel32].
7542dd4.2a64: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
7552dd4.2a64: supR3HardNtChildGatherData: PebBaseAddress=000000000052a000 cbPeb=0x388
7562dd4.2a64: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe1b0e0000 uNtDllChildAddr=00007ffe1b0e0000
7572dd4.2a64: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe1b159ac0
7582dd4.2a64: supR3HardenedWinSetupChildInit: Start child.
7592dd4.2a64: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
7602dd4.2a64: supR3HardNtChildPurify: Startup delay kludge #1/0: 526 ms, 33 sleeps
7612dd4.2a64: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7622dd4.2a64: *0000000000000000-000000000030ffff 0x0001/0x0000 0x0000000
7632dd4.2a64: *0000000000310000-000000000032ffff 0x0004/0x0004 0x0020000
7642dd4.2a64: *0000000000330000-0000000000347fff 0x0002/0x0002 0x0040000
7652dd4.2a64: 0000000000348000-000000000034ffff 0x0001/0x0000 0x0000000
7662dd4.2a64: *0000000000350000-0000000000353fff 0x0002/0x0002 0x0040000
7672dd4.2a64: 0000000000354000-000000000035ffff 0x0001/0x0000 0x0000000
7682dd4.2a64: *0000000000360000-0000000000360fff 0x0004/0x0004 0x0020000
7692dd4.2a64: 0000000000361000-00000000003fffff 0x0001/0x0000 0x0000000
7702dd4.2a64: *0000000000400000-0000000000529fff 0x0000/0x0004 0x0020000
7712dd4.2a64: 000000000052a000-000000000052cfff 0x0004/0x0004 0x0020000
7722dd4.2a64: 000000000052d000-00000000005fffff 0x0000/0x0004 0x0020000
7732dd4.2a64: *0000000000600000-00000000006fafff 0x0000/0x0004 0x0020000
7742dd4.2a64: 00000000006fb000-00000000006fdfff 0x0104/0x0004 0x0020000
7752dd4.2a64: 00000000006fe000-00000000006fffff 0x0004/0x0004 0x0020000
7762dd4.2a64: 0000000000700000-000000007ffdffff 0x0001/0x0000 0x0000000
7772dd4.2a64: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7782dd4.2a64: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
7792dd4.2a64: 000000007fff0000-00007ff6276affff 0x0001/0x0000 0x0000000
7802dd4.2a64: *00007ff6276b0000-00007ff6276d2fff 0x0002/0x0002 0x0040000
7812dd4.2a64: 00007ff6276d3000-00007ff62802ffff 0x0001/0x0000 0x0000000
7822dd4.2a64: *00007ff628030000-00007ff628030fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7832dd4.2a64: 00007ff628031000-00007ff6280a0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7842dd4.2a64: 00007ff6280a1000-00007ff6280a1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7852dd4.2a64: 00007ff6280a2000-00007ff6280e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7862dd4.2a64: 00007ff6280e8000-00007ff6280e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7872dd4.2a64: 00007ff6280e9000-00007ff6280e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7882dd4.2a64: 00007ff6280ea000-00007ff6280eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7892dd4.2a64: 00007ff6280ef000-00007ff6280effff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7902dd4.2a64: 00007ff6280f0000-00007ff6280f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7912dd4.2a64: 00007ff6280f1000-00007ff6280f4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7922dd4.2a64: 00007ff6280f5000-00007ff62813cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
7932dd4.2a64: 00007ff62813d000-00007ffe1b0dffff 0x0001/0x0000 0x0000000
7942dd4.2a64: *00007ffe1b0e0000-00007ffe1b0e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7952dd4.2a64: 00007ffe1b0e1000-00007ffe1b1effff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7962dd4.2a64: 00007ffe1b1f0000-00007ffe1b234fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7972dd4.2a64: 00007ffe1b235000-00007ffe1b23cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7982dd4.2a64: 00007ffe1b23d000-00007ffe1b24afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7992dd4.2a64: 00007ffe1b24b000-00007ffe1b24bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8002dd4.2a64: 00007ffe1b24c000-00007ffe1b24efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8012dd4.2a64: 00007ffe1b24f000-00007ffe1b2bafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
8022dd4.2a64: 00007ffe1b2bb000-00007ffffffdffff 0x0001/0x0000 0x0000000
8032dd4.2a64: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
8042dd4.2a64: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
8052dd4.2a64: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8062dd4.2a64: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
8072dd4.2a64: supR3HardNtChildPurify: Done after 661 ms and 0 fixes (loop #0).
8082804.3a4: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03ad700
8092804.3a4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe1b0e0000 g_uNtVerCombined=0xa03ad700
8102dd4.2a64: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000)
8112dd4.2a64: supR3HardNtEnableThreadCreation:
8122804.3a4: ntdll.dll: timestamp 0x8274fd8b (rc=VINF_SUCCESS)
8132804.3a4: New simple heap: #1 0000000000800000 LB 0x400000 (for 1945600 allocation)
8142804.3a4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8152804.3a4: System32: \Device\HarddiskVolume4\Windows\System32
8162804.3a4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
8172804.3a4: KnownDllPath: C:\WINDOWS\System32
8182804.3a4: supR3HardenedVmProcessInit: Opening vboxdrv...
8192804.3a4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
8202804.3a4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
8212804.3a4: Registered Dll notification callback with NTDLL.
8222804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
8232804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
8242804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
8252804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17830000 LB 0x00249000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
8262804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
8272804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
8282804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19bf0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
8292804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8302804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\KERNEL32.DLL'
8312804.3a4: supR3HardenedDllNotificationCallback: load 00007ff628030000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
8322804.3a4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8332804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8342804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
8352804.3a4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe1b159ac0 pvNtTerminateThread=00007ffe1b185df0
8362dd4.2a64: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 411 ms.
8372804.3a4: \SystemRoot\System32\ntdll.dll:
8382804.3a4: CreationTime: 2017-09-18T14:26:39.656160800Z
8392804.3a4: LastWriteTime: 2017-09-05T05:26:19.169608500Z
8402804.3a4: ChangeTime: 2017-09-19T11:00:07.367406500Z
8412804.3a4: FileAttributes: 0x20
8422804.3a4: Size: 0x1d7658
8432804.3a4: NT Headers: 0xe0
8442804.3a4: Timestamp: 0x8274fd8b
8452804.3a4: Machine: 0x8664 - amd64
8462804.3a4: Timestamp: 0x8274fd8b
8472804.3a4: Image Version: 10.0
8482804.3a4: SizeOfImage: 0x1db000 (1945600)
8492804.3a4: Resource Dir: 0x170000 LB 0x69448
8502804.3a4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8512804.3a4: [Raw version resource data: 0x1700f0 LB 0x380, codepage 0x0 (reserved 0x0)]
8522804.3a4: ProductName: Microsoft® Windows® Operating System
8532804.3a4: ProductVersion: 10.0.15063.608
8542804.3a4: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
8552804.3a4: FileDescription: NT Layer DLL
8562804.3a4: \SystemRoot\System32\kernel32.dll:
8572804.3a4: CreationTime: 2017-05-10T11:55:02.222932100Z
8582804.3a4: LastWriteTime: 2017-04-28T01:06:01.409897400Z
8592804.3a4: ChangeTime: 2017-09-18T14:44:34.988898900Z
8602804.3a4: FileAttributes: 0x20
8612804.3a4: Size: 0xad068
8622804.3a4: NT Headers: 0xf8
8632804.3a4: Timestamp: 0xf5fa43df
8642804.3a4: Machine: 0x8664 - amd64
8652804.3a4: Timestamp: 0xf5fa43df
8662804.3a4: Image Version: 10.0
8672804.3a4: SizeOfImage: 0xae000 (712704)
8682804.3a4: Resource Dir: 0xac000 LB 0x520
8692804.3a4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8702804.3a4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
8712804.3a4: ProductName: Microsoft® Windows® Operating System
8722804.3a4: ProductVersion: 10.0.15063.296
8732804.3a4: FileVersion: 10.0.15063.296 (WinBuild.160101.0800)
8742804.3a4: FileDescription: Windows NT BASE API Client DLL
8752804.3a4: \SystemRoot\System32\KernelBase.dll:
8762804.3a4: CreationTime: 2017-09-18T14:27:12.219330600Z
8772804.3a4: LastWriteTime: 2017-09-05T05:27:02.025776900Z
8782804.3a4: ChangeTime: 2017-09-19T11:00:01.273556600Z
8792804.3a4: FileAttributes: 0x20
8802804.3a4: Size: 0x249df0
8812804.3a4: NT Headers: 0x100
8822804.3a4: Timestamp: 0x943cbf8b
8832804.3a4: Machine: 0x8664 - amd64
8842804.3a4: Timestamp: 0x943cbf8b
8852804.3a4: Image Version: 10.0
8862804.3a4: SizeOfImage: 0x249000 (2396160)
8872804.3a4: Resource Dir: 0x22a000 LB 0x548
8882804.3a4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8892804.3a4: [Raw version resource data: 0x22a0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
8902804.3a4: ProductName: Microsoft® Windows® Operating System
8912804.3a4: ProductVersion: 10.0.15063.608
8922804.3a4: FileVersion: 10.0.15063.608 (WinBuild.160101.0800)
8932804.3a4: FileDescription: Windows NT BASE API Client DLL
8942804.3a4: \SystemRoot\System32\apisetschema.dll:
8952804.3a4: CreationTime: 2017-03-18T20:57:35.373527900Z
8962804.3a4: LastWriteTime: 2017-03-18T20:57:35.373527900Z
8972804.3a4: ChangeTime: 2017-05-10T05:50:00.839173100Z
8982804.3a4: FileAttributes: 0x20
8992804.3a4: Size: 0x1ada0
9002804.3a4: NT Headers: 0xc0
9012804.3a4: Timestamp: 0x76544b2
9022804.3a4: Machine: 0x8664 - amd64
9032804.3a4: Timestamp: 0x76544b2
9042804.3a4: Image Version: 10.0
9052804.3a4: SizeOfImage: 0x1b000 (110592)
9062804.3a4: Resource Dir: 0x1a000 LB 0x408
9072804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9082804.3a4: [Raw version resource data: 0x1a060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
9092804.3a4: ProductName: Microsoft® Windows® Operating System
9102804.3a4: ProductVersion: 10.0.15063.0
9112804.3a4: FileVersion: 10.0.15063.0 (WinBuild.160101.0800)
9122804.3a4: FileDescription: ApiSet Schema DLL
9132804.3a4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
9142804.3a4: supR3HardenedWinFindAdversaries: 0x84
9152804.3a4: \SystemRoot\System32\drivers\aswHwid.sys:
9162804.3a4: CreationTime: 2015-07-27T02:30:37.789939900Z
9172804.3a4: LastWriteTime: 2017-09-01T22:49:54.319854300Z
9182804.3a4: ChangeTime: 2017-09-01T22:50:30.123504000Z
9192804.3a4: FileAttributes: 0x20
9202804.3a4: Size: 0xb7a8
9212804.3a4: NT Headers: 0xe8
9222804.3a4: Timestamp: 0x599c71bd
9232804.3a4: Machine: 0x8664 - amd64
9242804.3a4: Timestamp: 0x599c71bd
9252804.3a4: Image Version: 6.0
9262804.3a4: SizeOfImage: 0xa000 (40960)
9272804.3a4: Resource Dir: 0x8000 LB 0x388
9282804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9292804.3a4: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
9302804.3a4: ProductName: Avast Antivirus
9312804.3a4: ProductVersion: 17.6.3614.0
9322804.3a4: FileVersion: 17.6.3614.0
9332804.3a4: FileDescription: Avast HWID
9342804.3a4: \SystemRoot\System32\drivers\aswMonFlt.sys:
9352804.3a4: CreationTime: 2015-07-27T02:30:37.793940000Z
9362804.3a4: LastWriteTime: 2017-09-01T22:49:54.495483100Z
9372804.3a4: ChangeTime: 2017-09-01T22:50:30.124506600Z
9382804.3a4: FileAttributes: 0x20
9392804.3a4: Size: 0x24148
9402804.3a4: NT Headers: 0xe0
9412804.3a4: Timestamp: 0x599c746f
9422804.3a4: Machine: 0x8664 - amd64
9432804.3a4: Timestamp: 0x599c746f
9442804.3a4: Image Version: 6.0
9452804.3a4: SizeOfImage: 0x28000 (163840)
9462804.3a4: Resource Dir: 0x26000 LB 0x3b0
9472804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9482804.3a4: [Raw version resource data: 0x26060 LB 0x34c, codepage 0x0 (reserved 0x0)]
9492804.3a4: ProductName: Avast Antivirus
9502804.3a4: ProductVersion: 17.6.3614.0
9512804.3a4: FileVersion: 17.6.3614.0
9522804.3a4: FileDescription: Avast File System Minifilter for Windows 2003/Vista
9532804.3a4: \SystemRoot\System32\drivers\aswRdr2.sys:
9542804.3a4: CreationTime: 2015-07-27T02:30:37.785942200Z
9552804.3a4: LastWriteTime: 2017-09-01T22:49:53.126991400Z
9562804.3a4: ChangeTime: 2017-09-01T22:50:30.126506200Z
9572804.3a4: FileAttributes: 0x20
9582804.3a4: Size: 0x1af28
9592804.3a4: NT Headers: 0xf0
9602804.3a4: Timestamp: 0x599c71d4
9612804.3a4: Machine: 0x8664 - amd64
9622804.3a4: Timestamp: 0x599c71d4
9632804.3a4: Image Version: 6.1
9642804.3a4: SizeOfImage: 0x1a000 (106496)
9652804.3a4: Resource Dir: 0x18000 LB 0x398
9662804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9672804.3a4: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
9682804.3a4: ProductName: Avast Antivirus
9692804.3a4: ProductVersion: 17.6.3614.0
9702804.3a4: FileVersion: 17.6.3614.0 built by: WinDDK
9712804.3a4: FileDescription: Avast WFP Redirect Driver
9722804.3a4: \SystemRoot\System32\drivers\aswRvrt.sys:
9732804.3a4: CreationTime: 2015-07-27T02:30:37.801940500Z
9742804.3a4: LastWriteTime: 2017-09-01T22:49:54.573033100Z
9752804.3a4: ChangeTime: 2017-09-01T22:50:30.127507300Z
9762804.3a4: FileAttributes: 0x20
9772804.3a4: Size: 0x149c0
9782804.3a4: NT Headers: 0xf0
9792804.3a4: Timestamp: 0x599c71bf
9802804.3a4: Machine: 0x8664 - amd64
9812804.3a4: Timestamp: 0x599c71bf
9822804.3a4: Image Version: 6.0
9832804.3a4: SizeOfImage: 0x13000 (77824)
9842804.3a4: Resource Dir: 0x11000 LB 0x388
9852804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9862804.3a4: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
9872804.3a4: ProductName: Avast Antivirus
9882804.3a4: ProductVersion: 17.6.3614.0
9892804.3a4: FileVersion: 17.6.3614.0
9902804.3a4: FileDescription: Avast Revert
9912804.3a4: \SystemRoot\System32\drivers\aswSnx.sys:
9922804.3a4: CreationTime: 2015-07-27T02:30:37.741936100Z
9932804.3a4: LastWriteTime: 2017-09-01T22:48:59.334700200Z
9942804.3a4: ChangeTime: 2017-09-01T22:50:30.128512700Z
9952804.3a4: FileAttributes: 0x20
9962804.3a4: Size: 0xf8240
9972804.3a4: NT Headers: 0xe8
9982804.3a4: Timestamp: 0x599c71d4
9992804.3a4: Machine: 0x8664 - amd64
10002804.3a4: Timestamp: 0x599c71d4
10012804.3a4: Image Version: 6.0
10022804.3a4: SizeOfImage: 0xf6000 (1007616)
10032804.3a4: Resource Dir: 0xee000 LB 0x378
10042804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10052804.3a4: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
10062804.3a4: ProductName: Avast Antivirus
10072804.3a4: ProductVersion: 17.6.3614.0
10082804.3a4: FileVersion: 17.6.3614.0
10092804.3a4: FileDescription: Avast Virtualization Driver
10102804.3a4: \SystemRoot\System32\drivers\aswsp.sys:
10112804.3a4: CreationTime: 2015-07-27T02:30:37.805941500Z
10122804.3a4: LastWriteTime: 2017-09-01T22:49:54.863239600Z
10132804.3a4: ChangeTime: 2017-09-01T22:50:30.129011400Z
10142804.3a4: FileAttributes: 0x20
10152804.3a4: Size: 0x90420
10162804.3a4: NT Headers: 0xe0
10172804.3a4: Timestamp: 0x599c7487
10182804.3a4: Machine: 0x8664 - amd64
10192804.3a4: Timestamp: 0x599c7487
10202804.3a4: Image Version: 6.0
10212804.3a4: SizeOfImage: 0xb4000 (737280)
10222804.3a4: Resource Dir: 0xb2000 LB 0x370
10232804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10242804.3a4: [Raw version resource data: 0xb2060 LB 0x310, codepage 0x0 (reserved 0x0)]
10252804.3a4: ProductName: Avast Antivirus
10262804.3a4: ProductVersion: 17.6.3614.0
10272804.3a4: FileVersion: 17.6.3614.0
10282804.3a4: FileDescription: Avast self protection module
10292804.3a4: \SystemRoot\System32\drivers\aswStm.sys:
10302804.3a4: CreationTime: 2015-07-27T02:30:37.813942100Z
10312804.3a4: LastWriteTime: 2017-09-18T13:45:31.052462000Z
10322804.3a4: ChangeTime: 2017-09-18T13:45:31.052462000Z
10332804.3a4: FileAttributes: 0x20
10342804.3a4: Size: 0x30a90
10352804.3a4: NT Headers: 0x100
10362804.3a4: Timestamp: 0x59bbeacf
10372804.3a4: Machine: 0x8664 - amd64
10382804.3a4: Timestamp: 0x59bbeacf
10392804.3a4: Image Version: 10.0
10402804.3a4: SizeOfImage: 0x31000 (200704)
10412804.3a4: Resource Dir: 0x2f000 LB 0x358
10422804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
10432804.3a4: [Raw version resource data: 0x2f060 LB 0x2f8, codepage 0x0 (reserved 0x0)]
10442804.3a4: ProductName: Avast Antivirus
10452804.3a4: ProductVersion: 17.6.3625.214
10462804.3a4: FileVersion: 17.6.3625.214
10472804.3a4: FileDescription: Stream Filter
10482804.3a4: \SystemRoot\System32\drivers\aswVmm.sys:
10492804.3a4: CreationTime: 2015-07-27T02:30:37.809942000Z
10502804.3a4: LastWriteTime: 2017-09-25T18:20:06.751876000Z
10512804.3a4: ChangeTime: 2017-09-25T18:20:06.751876000Z
10522804.3a4: FileAttributes: 0x20
10532804.3a4: Size: 0x58538
10542804.3a4: NT Headers: 0xf0
10552804.3a4: Timestamp: 0x59c26b61
10562804.3a4: Machine: 0x8664 - amd64
10572804.3a4: Timestamp: 0x59c26b61
10582804.3a4: Image Version: 6.0
10592804.3a4: SizeOfImage: 0x57000 (356352)
10602804.3a4: Resource Dir: 0x54000 LB 0x398
10612804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10622804.3a4: [Raw version resource data: 0x54060 LB 0x338, codepage 0x0 (reserved 0x0)]
10632804.3a4: ProductName: Avast Antivirus
10642804.3a4: ProductVersion: 17.6.3625.220
10652804.3a4: FileVersion: 17.6.3625.220
10662804.3a4: FileDescription: Avast VM Monitor
10672804.3a4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
10682804.3a4: CreationTime: 2015-08-01T11:04:08.001612800Z
10692804.3a4: LastWriteTime: 2016-02-23T16:17:19.174171800Z
10702804.3a4: ChangeTime: 2017-05-09T21:30:31.488258700Z
10712804.3a4: FileAttributes: 0x20
10722804.3a4: Size: 0x1bcd8
10732804.3a4: NT Headers: 0xe8
10742804.3a4: Timestamp: 0x552c190f
10752804.3a4: Machine: 0x8664 - amd64
10762804.3a4: Timestamp: 0x552c190f
10772804.3a4: Image Version: 6.1
10782804.3a4: SizeOfImage: 0x21000 (135168)
10792804.3a4: Resource Dir: 0x1f000 LB 0x3f0
10802804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
10812804.3a4: [Raw version resource data: 0x1f060 LB 0x38c, codepage 0x0 (reserved 0x0)]
10822804.3a4: ProductName: Malwarebytes Anti-Malware
10832804.3a4: ProductVersion: 0.2.22.0
10842804.3a4: FileVersion: 0.2.22.0
10852804.3a4: FileDescription: Malwarebytes Anti-Malware
10862804.3a4: \SystemRoot\System32\drivers\mwac.sys:
10872804.3a4: CreationTime: 2015-08-01T11:03:56.164226200Z
10882804.3a4: LastWriteTime: 2015-06-18T07:42:02.000000000Z
10892804.3a4: ChangeTime: 2017-05-09T21:30:31.488258700Z
10902804.3a4: FileAttributes: 0x20
10912804.3a4: Size: 0xfad8
10922804.3a4: NT Headers: 0xe0
10932804.3a4: Timestamp: 0x53a0f444
10942804.3a4: Machine: 0x8664 - amd64
10952804.3a4: Timestamp: 0x53a0f444
10962804.3a4: Image Version: 6.2
10972804.3a4: SizeOfImage: 0x13000 (77824)
10982804.3a4: Resource Dir: 0x11000 LB 0x3e0
10992804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11002804.3a4: [Raw version resource data: 0x11060 LB 0x37c, codepage 0x0 (reserved 0x0)]
11012804.3a4: ProductName: Malwarebytes Web Access Control
11022804.3a4: ProductVersion: 1.0.6.0
11032804.3a4: FileVersion: 1.0.6.0
11042804.3a4: FileDescription: Malwarebytes Web Access Control
11052804.3a4: \SystemRoot\System32\drivers\mbamchameleon.sys:
11062804.3a4: CreationTime: 2015-08-01T11:03:56.179851300Z
11072804.3a4: LastWriteTime: 2015-06-18T07:41:44.000000000Z
11082804.3a4: ChangeTime: 2017-05-09T21:30:31.488258700Z
11092804.3a4: FileAttributes: 0x20
11102804.3a4: Size: 0x1aad8
11112804.3a4: NT Headers: 0xd8
11122804.3a4: Timestamp: 0x554cf757
11132804.3a4: Machine: 0x8664 - amd64
11142804.3a4: Timestamp: 0x554cf757
11152804.3a4: Image Version: 6.1
11162804.3a4: SizeOfImage: 0x1e000 (122880)
11172804.3a4: Resource Dir: 0x1c000 LB 0xbd8
11182804.3a4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
11192804.3a4: [Raw version resource data: 0x1c830 LB 0x3a8, codepage 0x0 (reserved 0x0)]
11202804.3a4: ProductName: Malwarebytes Chameleon
11212804.3a4: ProductVersion: 1.1.20.0
11222804.3a4: FileVersion: 1.1.20.0
11232804.3a4: FileDescription: Malwarebytes Chameleon Protection Driver
11242804.3a4: \SystemRoot\System32\drivers\mbam.sys:
11252804.3a4: CreationTime: 2015-08-01T11:03:56.164226200Z
11262804.3a4: LastWriteTime: 2015-06-18T07:41:40.000000000Z
11272804.3a4: ChangeTime: 2017-05-09T21:30:31.488258700Z
11282804.3a4: FileAttributes: 0x20
11292804.3a4: Size: 0x64d8
11302804.3a4: NT Headers: 0xd8
11312804.3a4: Timestamp: 0x540754e1
11322804.3a4: Machine: 0x8664 - amd64
11332804.3a4: Timestamp: 0x540754e1
11342804.3a4: Image Version: 6.1
11352804.3a4: SizeOfImage: 0xa000 (40960)
11362804.3a4: Resource Dir: 0x8000 LB 0x3d0
11372804.3a4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
11382804.3a4: [Raw version resource data: 0x8060 LB 0x36c, codepage 0x0 (reserved 0x0)]
11392804.3a4: ProductName: Malwarebytes Anti-Malware
11402804.3a4: ProductVersion: 0.1.15.0
11412804.3a4: FileVersion: 0.1.15.0
11422804.3a4: FileDescription: Malwarebytes Anti-Malware
11432804.3a4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
11442804.3a4: Calling main()
11452804.3a4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
11462804.3a4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
11472804.3a4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
11482804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
11492804.3a4: SUPR3HardenedMain: Final process, opening VBoxDrv...
11502804.3a4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000800000 LB 0x400000)
11512804.3a4: supR3HardNtEnableThreadCreation:
11522804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
11532804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
11542804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11552804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11562804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0b280000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
11572804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11582804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11592804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11602804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
11612804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
11622804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
11632804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
11642804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
11652804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11662804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
11672804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
11682804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
11692804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
11702804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
11712804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11732804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
11742804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
11752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11772804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
11782804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
11792804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
11802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11822804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
11832804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
11842804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11862804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
11872804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
11882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11902804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11912804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
11922804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18d80000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
11932804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11942804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17570000 LB 0x00011000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
11952804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11962804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18540000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
11972804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
11982804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
11992804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe181d0000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
12002804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12012804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18840000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
12022804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12032804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19900000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
12042804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
12052804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
12062804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
12072804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19390000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
12082804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12092804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
12102804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
12112804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
12122804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
12132804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18450000 LB 0x00056000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
12142804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12152804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12162804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-synch-l1-2-0'
12182804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12192804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12202804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-fibers-l1-1-1'
12212804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
12222804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12232804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-fibers-l1-1-1'
12242804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
12252804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12262804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-synch-l1-2-0'
12272804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
12282804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12292804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-localization-l1-2-1'
12302804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\WINDOWS\system32\Wintrust.dll'
12312804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
12322804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
12332804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12342804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12352804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12362804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
12372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
12382804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
12392804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12412804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12422804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12432804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12442804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12452804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12462804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12472804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17110000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
12482804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12492804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17110000 'C:\WINDOWS\system32\bcrypt.dll'
12502804.3a4: bcrypt.dll loaded at 00007ffe17110000, BCryptOpenAlgorithmProvider at 00007ffe17114aa0, preloading providers:
12512804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
12522804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
12532804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12542804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe184b0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
12552804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
12562804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe184b0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
12572804.3a4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000caeba0)
12582804.3a4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000caf1b0)
12592804.3a4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000caf480)
12602804.3a4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000caf750)
12612804.3a4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000cafa20)
12622804.3a4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000cb0500)
12632804.3a4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000cb07d0)
12642804.3a4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000cb0eb0)
12652804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12662804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12672804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12682804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12692804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12702804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12712804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12722804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12732804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12742804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12752804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12762804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12772804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12782804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12792804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12802804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12812804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12822804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12832804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
12842804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12852804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
12862804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
12872804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
12882804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17000000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
12892804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
12902804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
12912804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
12922804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
12932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12942804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12952804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12962804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12972804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
12982804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe16a80000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
12992804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13002804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
13012804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
13022804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
13032804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
13042804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17020000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
13052804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
13062804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
13072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13082804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13092804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
13102804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\kernel32.dll'
13122804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
13132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
13142804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13152804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\CRYPT32.dll'
13172804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18970000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
13182804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
13192804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
13202804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
13212804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13222804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
13232804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13242804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
13252804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'.
13262804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'bcrypt.dll'.
13272804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ncrypt.dll'.
13282804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll)
13292804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
13302804.3a4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000001fc (hFile=00000000000001f0) with 0xc0000022 -> STATUS_TRUST_FAILURE
13312804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
13332804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
13342804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
13352804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe16420000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
13362804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
13372804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe175e0000 LB 0x00015000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
13382804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
13392804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
13402804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13412804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
13422804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
13432804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
13442804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
13452804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
13462804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13472804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13482804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13492804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13502804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13512804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13522804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13542804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13552804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13562804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ncrypt.dll'...
13572804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ncrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll' [rcNtRedir=0xc0150008]
13582804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
13592804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ntasn1.dll'.
13602804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
13612804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
13622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13642804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
13662804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
13672804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13692804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13702804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13712804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13732804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
13742804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
13752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
13762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
13772804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
13782804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
13792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13812804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
13822804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13832804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13842804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe12ea0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
13852804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13862804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13872804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13882804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
13892804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13902804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13912804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
13922804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13932804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13942804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
13952804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13962804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
13972804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
13982804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13992804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14002804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14012804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14022804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
14032804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14042804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14052804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14062804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14072804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14082804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14092804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14102804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14122804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14142804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\WINDOWS\System32\cryptnet.dll'
14152804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe12ea0000 'C:\Windows\System32\cryptnet.dll'
14172804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14182804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14192804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14202804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14212804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14222804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14232804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
14242804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000d45060
14252804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
14262804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD38255A6DCCC09B45A72579827544B1B25F4681
14272804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14282804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14292804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18840000 'C:\WINDOWS\System32\rpcrt4.dll'
14302804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14312804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14322804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14342804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14352804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14362804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14372804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14382804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14392804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14402804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14412804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14422804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
14432804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14442804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\Windows\System32\WINTRUST.DLL'
14452804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14462804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14472804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14482804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14492804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14502804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14512804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1964_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\SystemRoot\System32\ntdll.dll'
14522804.3a4: g_pfnWinVerifyTrust=00007ffe1845d3e0
14532804.3a4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
14542804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14552804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14562804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14572804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14582804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14592804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14602804.3a4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
14612804.3a4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
14622804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14632804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14642804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14652804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14662804.3a4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
14672804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14682804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
14692804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14702804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14712804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
14722804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14732804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14742804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14752804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
14762804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14772804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14782804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14792804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
14802804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
14812804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
14822804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
14832804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=30DAE41220776EDDC1F05DDBB10EE8379CC41546
14842804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14852804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14862804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14872804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
14882804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14892804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
14902804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14912804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14922804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14932804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
14942804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
14952804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
14962804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
14972804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
14982804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f8 pwszName=\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll
14992804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
15002804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
15012804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E3EA9BEFE875CD90A66DCBEEF4C761ACAC3755E
15022804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15032804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15042804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
15052804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15062804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15072804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1489_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
15082804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15092804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll'
15102804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15132804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
15142804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15152804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
15162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15182804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
15192804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
15202804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15212804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15222804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
15232804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15242804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15252804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
15262804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15272804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15282804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
15292804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15302804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15312804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
15322804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15342804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
15352804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15362804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15372804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
15382804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15392804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15402804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
15412804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15422804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15432804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
15442804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15452804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15462804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
15472804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15482804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15492804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
15502804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15512804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
15522804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15532804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
15542804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15552804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15562804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
15572804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
15582804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
15592804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
15602804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\system32\crypt32.dll'
15612804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
15622804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa813ef314a12b900 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
15632804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
15642804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
15652804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x5d413c6852499f00 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
15662804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
15672804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
15682804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15692804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15702804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
15712804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x52bd4a9a08f5bf00 C=IE, L=Dublin, O=UCD IT Services, CN=UCD eduroam Root CA
15722804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15732804.3a4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1
15742804.3a4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=Cybertrust Inc, CN=Cybertrust Public SureServer SV CA
15752804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15762804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd864319ac892f700 C=US, CN=P4Host (13484)
15772804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15782804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
15792804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
15802804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15812804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15822804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
15832804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
15842804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15852804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15862804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
15872804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
15882804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
15892804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15902804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
15912804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15922804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15932804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
15942804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15952804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
15962804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15972804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
15982804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15992804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
16002804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16012804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
16022804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
16032804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
16042804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
16052804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
16062804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
16072804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
16082804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
16092804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
16102804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
16112804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
16122804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
16132804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
16142804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
16152804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
16162804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
16172804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
16182804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
16192804.3a4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
16202804.3a4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=57
16212804.3a4: SUPR3HardenedMain: Load Runtime...
16222804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
16232804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16242804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
16252804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
16262804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
16272804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
16282804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16292804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16302804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16312804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
16322804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
16332804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
16342804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
16352804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16362804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
16372804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
16382804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16392804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
16402804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16412804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
16422804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
16432804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16442804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16452804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16462804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16472804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
16482804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
16492804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16502804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
16512804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
16522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16542804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16552804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16562804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
16572804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
16582804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
16592804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
16602804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
16612804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16622804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16632804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
16642804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
16652804.3a4: supR3HardenedDllNotificationCallback: load 00000000633f0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
16662804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
16672804.3a4: supR3HardenedDllNotificationCallback: load 00000000634d0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
16682804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
16692804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19a80000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
16702804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
16712804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdd3e10000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
16722804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16732804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
16742804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
16752804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16762804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16772804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16782804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16792804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16802804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16812804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16822804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16832804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16842804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16852804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16862804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16872804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16882804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16892804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16902804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
16912804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16922804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16932804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16942804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16952804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16962804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16972804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16982804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16992804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17002804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
17012804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17022804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17032804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17042804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17052804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17062804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17072804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17082804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17092804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17102804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17142804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17152804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17182804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
17192804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17202804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17212804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17222804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17232804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3e10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
17242804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18450000 'C:\WINDOWS\system32\Wintrust.dll'
17252804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17262804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
17272804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17282804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
17292804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\system32\crypt32.dll'
17302804.3a4: SUPR3HardenedMain: Load TrustedMain...
17312804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
17332804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17342804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
17352804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
17382804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
17392804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
17402804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
17412804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
17422804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
17432804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
17442804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
17452804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
17462804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
17472804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
17482804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
17492804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17502804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17512804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17522804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
17532804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
17542804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
17552804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
17562804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
17572804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17582804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17602804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17612804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
17622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
17632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
17642804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
17652804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17662804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
17672804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
17682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17692804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17702804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
17712804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17722804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
17732804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
17742804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
17752804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
17762804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
17772804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
17782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17832804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17842804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
17852804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
17862804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'bcryptprimitives.dll'.
17872804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
17882804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
17892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
17902804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
17912804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
17922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
17932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
17942804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
17952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17972804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
17982804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
17992804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
18002804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
18012804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
18022804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
18032804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
18042804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
18052804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18062804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18082804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18092804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
18102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18112804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18122804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
18132804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
18142804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
18152804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
18162804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
18172804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18182804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18192804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
18202804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
18212804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
18222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18232804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18242804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18252804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18262804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18272804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18282804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18292804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
18302804.3a4: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
18312804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
18322804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
18332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
18342804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
18352804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'user32.dll'.
18372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #69 'gdi32.dll'.
18382804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) WinVerifyTrust
18392804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
18402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18412804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18422804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
18432804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18442804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18452804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
18462804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18472804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18482804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
18492804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18502804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18512804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
18522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18542804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
18552804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
18562804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
18572804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
18582804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
18592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
18602804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
18612804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
18622804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
18632804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
18642804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
18652804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
18662804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18672804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
18682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
18692804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18702804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18712804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
18722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18742804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
18752804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18762804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
18772804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
18782804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18792804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18802804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
18812804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
18822804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
18832804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
18842804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18872804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
18882804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
18892804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18902804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18912804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18922804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
18932804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18942804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18952804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
18962804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18972804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18992804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
19002804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19012804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
19022804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
19032804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
19042804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
19052804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
19062804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
19072804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
19082804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19092804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19112804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
19122804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19132804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19142804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19152804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19162804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19172804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19182804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19192804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19202804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
19212804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19232804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
19242804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19252804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19262804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19272804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19282804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19292804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19302804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19312804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19322804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
19332804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19342804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19352804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19362804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19382804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
19392804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19412804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19422804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19432804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19442804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19452804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19462804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19472804.3a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
19482804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19492804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
19502804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19512804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19522804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
19532804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
19542804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
19552804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19562804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19572804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
19582804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19602804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
19612804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19632804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
19642804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
19652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
19662804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
19672804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
19682804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
19692804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19702804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19712804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
19722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19742804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
19752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19772804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
19782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19802804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
19812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19832804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19842804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
19852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
19862804.3a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
19872804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19882804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19892804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
19902804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
19912804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
19922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19942804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
19952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19972804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
19982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20002804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
20012804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20022804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20032804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
20042804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20052804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20062804.3a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
20072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20082804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20092804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
20102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20112804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
20132804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20142804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20152804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
20162804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
20172804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
20182804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
20192804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
20202804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
20212804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
20222804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
20232804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20242804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20252804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
20262804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20272804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20282804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
20292804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
20302804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
20312804.3a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
20322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20332804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
20342804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'shlwapi.dll'.
20352804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
20362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'comctl32.dll'.
20372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shell32.dll'.
20382804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)
20392804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
20402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
20412804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
20422804.3a4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
20432804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20442804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcrypt.dll'.
20452804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
20462804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
20472804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20482804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20492804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
20502804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20512804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20522804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
20532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20542804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20552804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
20562804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20572804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20582804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
20592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20602804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20612804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20642804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
20652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20662804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20672804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20692804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
20702804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20712804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20722804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
20732804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20742804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20752804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20762804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
20772804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
20782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20802804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20832804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
20842804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20852804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
20862804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
20872804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
20882804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
20892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20902804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20912804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20942804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20972804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
20982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21002804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21012804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21022804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21032804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21042804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
21052804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21062804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21072804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
21082804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
21092804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
21102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21112804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21122804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
21132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
21142804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
21152804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21162804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21172804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
21182804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
21192804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
21202804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21212804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21222804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
21232804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
21242804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
21252804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21262804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21272804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
21282804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21292804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21302804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21312804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21322804.3a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
21332804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003d4 pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
21342804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
21352804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
21362804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C84CAE716539BA897604EBDDBAB05F52E4868A0
21372804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
21382804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
21392804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
21402804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21412804.3a4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
21422804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
21432804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
21442804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
21452804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21462804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21472804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21482804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
21492804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
21502804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
21512804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
21522804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
21532804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
21542804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
21552804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21562804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21572804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll)
21582804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll
21592804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
21602804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18520000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
21612804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
21622804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17790000 LB 0x0009a000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
21632804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
21642804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17600000 LB 0x00188000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
21652804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
21662804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
21672804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
21682804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'win32u.dll'.
21692804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
21702804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
21712804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe190f0000 LB 0x00027000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
21722804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
21732804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18640000 LB 0x0014a000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
21742804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0a650000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
21752804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
21762804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe00ab0000 LB 0x00121000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
21772804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
21782804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17a80000 LB 0x00049000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
21792804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
21802804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
21812804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18a20000 LB 0x002f9000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
21822804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
21832804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18790000 LB 0x000aa000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
21842804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21852804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
21862804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
21872804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
21882804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
21892804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18d20000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
21902804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
21912804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17550000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
21922804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
21932804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
21942804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
21952804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
21962804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17590000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
21972804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
21982804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
21992804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
22002804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17ad0000 LB 0x006f3000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
22012804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22022804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
22032804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
22042804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
22052804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
22062804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
22072804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19ca0000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
22082804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
22092804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18f90000 LB 0x00145000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
22102804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
22112804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe062f0000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
22122804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
22132804.3a4: supR3HardenedDllNotificationCallback: load 0000000062e80000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
22142804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22152804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdd2f20000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
22162804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22172804.3a4: supR3HardenedDllNotificationCallback: load 0000000062910000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
22182804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22192804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0cb30000 LB 0x0008a000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
22202804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
22212804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0ac10000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\COMCTL32.dll [fFlags=0x0]
22222804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll [avoiding WinVerifyTrust]
22232804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19970000 LB 0x00108000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
22242804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
22252804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdf2100000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
22262804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22272804.3a4: supR3HardenedDllNotificationCallback: load 00000000628b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
22282804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22292804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe192c0000 LB 0x000c0000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
22302804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
22312804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe156f0000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
22322804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
22332804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe15750000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
22342804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
22352804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdd3520000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
22362804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
22372804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
22382804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
22392804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
22402804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
22412804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
22422804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
22432804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
22442804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
22452804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
22462804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
22472804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
22482804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
22492804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll'.
22502804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_0e0f5dcc67adff4e\comctl32.dll' [rescheduled]
22512804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
22522804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
22532804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
22542804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
22552804.3a4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
22562804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
22572804.3a4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'.
22582804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rescheduled]
22592804.3a4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
22602804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
22612804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
22622804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
22632804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
22642804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
22652804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
22662804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
22672804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22682804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
22692804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
22702804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
22712804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
22722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
22732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
22742804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
22752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22772804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
22782804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22792804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
22802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22832804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22842804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22872804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22902804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22912804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22922804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
22932804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
22942804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
22952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22972804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23002804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23012804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
23022804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23032804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
23042804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23052804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23062804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23082804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
23092804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23102804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
23112804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
23122804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
23132804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
23142804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23152804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23162804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23172804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23182804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
23192804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
23202804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
23212804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23232804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23242804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23252804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\kernel32.dll'
23262804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
23272804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23282804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-string-l1-1-0'
23292804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
23302804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23312804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-datetime-l1-1-1'
23322804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
23332804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
23342804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-localization-obsolete-l1-2-0'
23352804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
23362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
23372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
23382804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
23392804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
23402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
23412804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
23422804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
23432804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
23442804.3a4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
23452804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23462804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23472804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23482804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe189f0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
23492804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
23502804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe189f0000 'C:\WINDOWS\system32\IMM32.DLL'
23512804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
23522804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
23532804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
23542804.3a4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
23552804.3a4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
23562804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23572804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe189f0000 'C:\WINDOWS\System32\imm32.dll'
23582804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23592804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23602804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19390000 'C:\WINDOWS\System32\ADVAPI32.DLL'
23612804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd3520000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
23622804.3a4: SUPR3HardenedMain: Calling TrustedMain (00007ffdd3521610)...
23632804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
23642804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
23652804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
23662804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
23672804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
23682804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
23692804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23702804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
23712804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
23722804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
23732804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
23742804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
23752804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
23762804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23772804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23812804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23832804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23842804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23872804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
23882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
23892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23902804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
23912804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23932804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
23942804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
23952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
23962804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
23972804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23992804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
24002804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24012804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24022804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
24032804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24042804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24052804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
24062804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24082804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
24092804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24112804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
24122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24142804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
24152804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24162804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24172804.3a4: supR3HardenedDllNotificationCallback: load 00007ffde9320000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
24182804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24192804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffde9320000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
24202804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24212804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
24222804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
24232804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B531FF2B0DDEF1474B5898F2B0278778FD6901AD
24242804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24252804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24262804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
24272804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24282804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24292804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
24302804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
24312804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
24322804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24332804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24342804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24352804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24362804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24382804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24392804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
24402804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24412804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24422804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe15d90000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
24432804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
24442804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15d90000 'C:\WINDOWS\system32\uxtheme.dll'
24452804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24462804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24472804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24482804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24492804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
24502804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
24512804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
24522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24542804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24552804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24562804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
24572804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24582804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24592804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
24602804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
24612804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe109c0000 LB 0x000a1000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
24622804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
24632804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe109c0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
24642804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18640000 'C:\WINDOWS\system32\user32.dll'
24652804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
24662804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24672804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
24682804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
24692804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24702804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24712804.3a4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
24722804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24732804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18790000 'C:\WINDOWS\system32\SHCore.dll'
24742804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
24752804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
24762804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18640000 'C:\WINDOWS\system32\user32.dll'
24772804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24782804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'win32u.dll'.
24792804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
24802804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
24812804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
24822804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
24832804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe14770000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
24842804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
24852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24872804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
24902804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
24912804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
24922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24942804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
24952804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
24962804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
24972804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
24982804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24992804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\system32\winmm.dll'
25002804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
25012804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25022804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\system32\winmm.dll'
25032804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
25042804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25052804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
25062804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
25072804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25082804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15d90000 'C:\WINDOWS\system32\uxtheme.dll'
25092804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
25102804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19390000 'C:\WINDOWS\system32\advapi32.dll'
25122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
25132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
25142804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
25152804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'profapi.dll'.
25162804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
25172804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
25182804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
25192804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
25202804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
25212804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25232804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25242804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25252804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe17450000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
25262804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
25272804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17450000 'C:\WINDOWS\system32\userenv.dll'
25282804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
25292804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25302804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\kernel32.dll'
25312804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe19b50000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
25322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25332804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
25342804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
25352804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
25362804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25372804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25382804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25392804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25402804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
25412804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
25422804.1718: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
25432804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
25442804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25452804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25462804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25472804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25482804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25492804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25502804.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
25512804.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25522804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25532804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25542804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25552804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25562804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25572804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
25582804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25592804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25602804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25612804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25622804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25632804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25642804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
25652804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25662804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25672804.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25682804.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25692804.1718: supR3HardenedDllNotificationCallback: load 00007ffdd2a20000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
25702804.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
25712804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd2a20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
25722804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
25732804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25742804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25752804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
25762804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
25772804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
25782804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
25792804.1718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
25802804.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
25812804.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
25822804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25832804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25842804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25852804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25862804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
25872804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25882804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25892804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
25902804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25912804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25922804.1718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
25932804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
25942804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
25952804.1718: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
25962804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25972804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25982804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25992804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26002804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26012804.1718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26022804.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26032804.1718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26042804.1718: supR3HardenedDllNotificationCallback: load 00007ffdecd70000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
26052804.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
26062804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdecd70000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
26072804.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26082804.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26092804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe192c0000 'C:\Windows\System32\oleaut32.dll'
26102804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
26112804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe190f0000 'C:\WINDOWS\system32\gdi32.dll'
26132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
26142804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
26152804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
26162804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msimg32.dll'.
26172804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'comdlg32.dll'.
26182804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
26192804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
26202804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
26212804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'comctl32.dll'.
26222804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
26232804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
26242804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
26252804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'gdiplus.dll'.
26262804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleacc.dll'.
26272804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'imm32.dll'.
26282804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
26292804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Acer\Acer Power Management\SysHook.dll) WinVerifyTrust
26302804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Acer\Acer Power Management\SysHook.dll
26312804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26322804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26332804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
26342804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
26352804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
26362804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
26372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
26382804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
26392804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007e8 pwszName=\Device\HarddiskVolume4\Windows\System32\oleacc.dll
26402804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
26412804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
26422804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D0FC2629ACC8B1E679B7FCA201427FF9FB8C4AF
26432804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
26442804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
26452804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2468_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\oleacc.dll'
26462804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26472804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
26482804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
26492804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleacc.dll) WinVerifyTrust
26502804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleacc.dll
26512804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
26522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
26532804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007dc pwszName=\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll
26542804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
26552804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
26562804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=873E93450554602FB0572CF0F911A0DDE3B314FD
26572804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
26582804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26602804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26612804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26622804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26632804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
26642804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
26652804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2468_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll'
26662804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26672804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26682804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
26692804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
26702804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\GdiPlus.dll) WinVerifyTrust
26712804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\GdiPlus.dll
26722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26742804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
26752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26772804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
26782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26802804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
26812804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
26822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
26832804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
26842804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26872804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26902804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
26912804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
26922804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
26932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26942804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26952804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
26962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26972804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
26992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
27002804.3a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [redoing WinVerifyTrust]
27012804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume4\Windows\System32\winspool.drv
27022804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
27032804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
27042804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1C93FDE163C91ACB66ABE09A984CEFA128B437C
27052804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27062804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
27072804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2273_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\winspool.drv'
27082804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27092804.3a4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv'
27102804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
27112804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
27122804.3a4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll [redoing WinVerifyTrust]
27132804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
27142804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
27152804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
27162804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7DE98075F8C1B7765E1F307F61F79BA7975A8666
27172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27182804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
27192804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2335_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
27202804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27212804.3a4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
27222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
27232804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
27242804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000087c pwszName=\Device\HarddiskVolume4\Windows\System32\msimg32.dll
27252804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
27262804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
27272804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=129CC8EB8397AB5843F82B056EFD1EE368ACD087
27282804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27292804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
27302804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DXG-windows-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msimg32.dll'
27312804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
27332804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msimg32.dll) WinVerifyTrust
27342804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msimg32.dll
27352804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27362804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27382804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27392804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27402804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27412804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Acer\Acer Power Management\SysHook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
27422804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Acer\Acer Power Management\SysHook.dll
27432804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msimg32.dll
27442804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27452804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
27462804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
27472804.3a4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\GdiPlus.dll)
27482804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\GdiPlus.dll
27492804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27502804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe147e0000 LB 0x00007000 C:\WINDOWS\SYSTEM32\MSIMG32.dll [fFlags=0x0]
27512804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msimg32.dll
27522804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe10730000 LB 0x00195000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\gdiplus.dll [fFlags=0x0]
27532804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\GdiPlus.dll [avoiding WinVerifyTrust]
27542804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe104f0000 LB 0x0006b000 C:\WINDOWS\SYSTEM32\OLEACC.dll [fFlags=0x0]
27552804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
27562804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdef390000 LB 0x0022d000 C:\Program Files\Acer\Acer Power Management\SysHook.dll [fFlags=0x0]
27572804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Acer\Acer Power Management\SysHook.dll
27582804.3a4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\GdiPlus.dll'.
27592804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.15063.608_none_56f0266b425534e9\GdiPlus.dll' [rescheduled]
27602804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
27612804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27642804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27662804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27672804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\UxTheme.dll (Input=UxTheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27682804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15d90000 'C:\WINDOWS\System32\UxTheme.dll'
27692804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
27702804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27712804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe14770000 'C:\WINDOWS\System32\dwmapi.dll'
27722804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
27732804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27742804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19bf0000 'C:\WINDOWS\System32\KERNEL32.DLL'
27752804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27762804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27772804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27782804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27792804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27802804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27812804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27822804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27832804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27842804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27852804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookENU.dll; rcNtGetDll=0x0
27862804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookENU.dll'
27872804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Acer\Acer Power Management\SysHookLOC.dll': 0 (NtPath=\??\C:\Program Files\Acer\Acer Power Management\SysHookLOC.dll; Input=C:\Program Files\Acer\Acer Power Management\SysHookLOC.dll; rcNtGetDll=0x0
27882804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Acer\Acer Power Management\SysHookLOC.dll'
27892804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdef390000 'C:\Program Files\Acer\Acer Power Management\SysHook.dll'
27902804.2928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27912804.2928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27922804.2928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
27932804.2928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27942804.2928: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27952804.2928: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
27962804.2928: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
27972804.2928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27982804.2928: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27992804.2928: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28002804.2928: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28012804.2928: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28022804.2928: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
28032804.2928: supR3HardenedDllNotificationCallback: load 00007ffe0b3f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
28042804.2928: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
28052804.2928: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b3f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
28062804.2928: supR3HardenedDllNotificationCallback: Unload 00007ffe0b3f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
28072804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28082804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28092804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28102804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
28132804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe18e20000 LB 0x00166000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
28142804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28152804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
28162804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
28172804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'gdi32.dll'.
28182804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'imm32.dll'.
28192804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
28202804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
28212804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
28222804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
28232804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
28242804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28252804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28262804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28272804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28282804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28292804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28302804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
28312804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28322804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
28342804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
28352804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
28362804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a70 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
28372804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
28382804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
28392804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61683FE342024A9B1FED0572E599EB6BBE8FAFAD
28402804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
28412804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
28422804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
28432804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28442804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28452804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
28462804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
28472804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
28482804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
28492804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
28502804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
28512804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
28522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
28532804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
28542804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
28552804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
28562804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
28572804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
28582804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
28592804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
28602804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
28612804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28622804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28642804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28652804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
28662804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
28672804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
28682804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28692804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
28702804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'win32u.dll'.
28712804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
28722804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
28732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
28742804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
28752804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
28762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28772804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28782804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
28792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
28802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
28812804.3a4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
28822804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28832804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
28842804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
28852804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
28862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28872804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
28892804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
28902804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
28912804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28922804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28932804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
28942804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
28952804.3a4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
28962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
28972804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
28982804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
28992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29002804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29012804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29022804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
29032804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
29042804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
29052804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
29062804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe164a0000 LB 0x000a4000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
29072804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
29082804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe14800000 LB 0x002df000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
29092804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
29102804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe155c0000 LB 0x00122000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
29112804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
29122804.3a4: supR3HardenedDllNotificationCallback: load 00007ffdfde50000 LB 0x00047000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
29132804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
29142804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdfde50000 'C:\WINDOWS\system32\dataexchange.dll'
29152804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
29162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
29172804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
29182804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29192804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
29202804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
29212804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
29222804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
29232804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
29242804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe16030000 LB 0x00170000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
29252804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
29262804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29272804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'coreuicomponents.dll'.
29282804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'coremessaging.dll'.
29292804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
29302804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
29312804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29322804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'coremessaging.dll'.
29332804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'shcore.dll'.
29342804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
29352804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
29362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
29382804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
29392804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
29402804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
29412804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
29422804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
29432804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
29442804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcryptprimitives.dll'.
29452804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
29462804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
29472804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29482804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
29492804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll)
29502804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll
29512804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe16760000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
29522804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
29532804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe154d0000 LB 0x000e3000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
29542804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
29552804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe13cb0000 LB 0x00139000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
29562804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
29572804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe142e0000 LB 0x00015000 C:\WINDOWS\SYSTEM32\usermgrcli.dll [fFlags=0x0]
29582804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\usermgrcli.dll [avoiding WinVerifyTrust]
29592804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe12a30000 LB 0x002d2000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
29602804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
29612804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0f260000 LB 0x00082000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
29622804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
29632804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29642804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29662804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29672804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
29682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
29692804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
29702804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29712804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29722804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29732804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29742804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
29752804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29762804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29772804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
29802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
29812804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
29822804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
29832804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
29842804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
29852804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29862804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29872804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
29882804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
29892804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
29902804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
29912804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
29922804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
29932804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29942804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29952804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
29962804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
29972804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
29982804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
29992804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
30002804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
30012804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30022804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30032804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30042804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30052804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30062804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30072804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\usermgrcli.dll'
30082804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30092804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
30102804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30122804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
30132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30142804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30152804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
30162804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30182804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
30192804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30202804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30212804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
30222804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30232804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30242804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
30252804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30262804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30272804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
30282804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
30292804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30302804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe192c0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
30312804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
30322804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18640000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
30342804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
30352804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30362804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18640000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
30372804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
30382804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
30392804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-1.dll) -> 0x0, fPresent=1
30402804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30412804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18a20000 'api-ms-win-core-com-l1-1-1.dll'
30422804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
30432804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
30442804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
30452804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
30462804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
30472804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
30482804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
30492804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30502804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18e20000 'C:\WINDOWS\System32\MSCTF.dll'
30512804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
30522804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
30532804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
30542804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9589031640B63118AA8D987D4E32C46BCF7E1D7E
30552804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30562804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30572804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1274_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll'
30582804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30592804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30602804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
30612804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
30622804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll) WinVerifyTrust
30632804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
30642804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30652804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30662804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30672804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30682804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30692804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30702804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
30712804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\uiautomationcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30722804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
30732804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe04b60000 LB 0x001c5000 C:\Windows\System32\uiautomationcore.dll [fFlags=0x0]
30742804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
30752804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe04b60000 'C:\Windows\System32\uiautomationcore.dll'
30762804.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\UIAutomationCore.dll
30772804.1718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\UIAutomationCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30782804.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe04b60000 'C:\Windows\System32\UIAutomationCore.dll'
30792804.1718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
30802804.1718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
30812804.1718: supR3HardenedDllNotificationCallback: load 00007ffe173b0000 LB 0x0009a000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0]
30822804.1718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
30832804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
30842804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
30852804.3a4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
30862804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe192c0000 'C:\WINDOWS\System32\OLEAUT32.DLL'
30872804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
30882804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30892804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe104f0000 'C:\WINDOWS\system32\oleacc.dll'
30902804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleacc.dll
30912804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30922804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe104f0000 'C:\Windows\System32\oleacc.dll'
30932804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
30942804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30952804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18f90000 'C:\WINDOWS\system32\ole32.dll'
30962804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
30972804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30982804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe109c0000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
30992804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
31002804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
31012804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
31022804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
31032804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
31042804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
31052804.3a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\secruntime.dll': 0 (NtPath=\??\C:\WINDOWS\System32\secruntime.dll; Input=secruntime.dll; rcNtGetDll=0xc0000135
31062804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\secruntime.dll'
31072804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
31082804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
31092804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
31102804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\shell32.dll'
31112804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18f90000 'C:\WINDOWS\System32\ole32.dll'
31122804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe192c0000 'C:\WINDOWS\System32\OLEAUT32.dll'
31132804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31142804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
31152804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
31162804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C153C1EEAC2C5A257F8D6DAC54A4EBBA9125F07E
31172804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
31182804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
31192804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
31202804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31212804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31222804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
31232804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
31242804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
31252804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31262804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
31272804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
31282804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba0 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31292804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
31302804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
31312804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C2FDDA9E0EDB4F1E87D406924BA16734871BCEF
31322804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
31332804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
31342804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
31352804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31362804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31372804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
31382804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
31392804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
31402804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31412804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31422804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31432804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31442804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31452804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31462804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31472804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31482804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
31492804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
31502804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
31512804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
31522804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31532804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31542804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31552804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31562804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31572804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0db80000 LB 0x00082000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
31582804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
31592804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0dc10000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
31602804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
31612804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
31622804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31632804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
31642804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0dc10000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
31652804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31662804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
31672804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
31682804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=559C24F928E5CCE94C1894759931445FEFCE69FF
31692804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
31702804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
31712804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
31722804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31732804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31742804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31752804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
31762804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31772804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31782804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31792804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31802804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31812804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31822804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31832804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0d4b0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
31842804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
31852804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0d4b0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
31862804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
31872804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31882804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-localization-l1-2-0.dll'
31892804.3a4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
31902804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31912804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe17830000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
31922804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
31932804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
31942804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
31952804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FF6EDA0EE7AAFEFF666CD9B9BCCFAF342DB5470
31962804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
31972804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
31982804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
31992804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32002804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32012804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
32022804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
32032804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
32042804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
32052804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
32062804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
32072804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32082804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32092804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32102804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
32112804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe0d550000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
32122804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
32132804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0d550000 'C:\WINDOWS\system32\wbem\fastprox.dll'
32142804.d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
32152804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c30 pwszName=\Device\HarddiskVolume4\Windows\System32\twinapi.dll
32162804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
32172804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
32182804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41A7DA0D85CDB46DC374403B2D7B055D503C278B
32192804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
32202804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
32212804.3a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\twinapi.dll'
32222804.3a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32232804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32242804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'combase.dll'.
32252804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'user32.dll'.
32262804.3a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'textinputframework.dll'.
32272804.3a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.dll) WinVerifyTrust
32282804.3a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.dll
32292804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
32302804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
32312804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
32322804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32332804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32342804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
32352804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
32362804.3a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
32372804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32382804.3a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32392804.3a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\twinapi.dll (Input=twinapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32402804.3a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.dll
32412804.3a4: supR3HardenedDllNotificationCallback: load 00007ffe055c0000 LB 0x00082000 C:\WINDOWS\System32\twinapi.dll [fFlags=0x0]
32422804.3a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.dll
32432804.3a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe055c0000 'C:\WINDOWS\System32\twinapi.dll'
32442804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32452804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
32462804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32472804.d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
32482804.d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32492804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32502804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32512804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
32522804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
32532804.d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
32542804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
32552804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32562804.d20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
32572804.d20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
32582804.d20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32592804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32602804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32612804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32622804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32632804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32642804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32652804.d20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32662804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32672804.d20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32682804.d20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32692804.d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32702804.d20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32712804.d20: supR3HardenedDllNotificationCallback: load 00000000627a0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
32722804.d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
32732804.d20: supR3HardenedDllNotificationCallback: load 00007ffdee5f0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
32742804.d20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32752804.d20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdee5f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
32762804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
32772804.17bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
32782804.17bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32792804.17bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32802804.17bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32812804.17bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
32822804.17bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
32832804.17bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32842804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32852804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32862804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32872804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32882804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32892804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32902804.17bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32912804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32922804.17bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32932804.17bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32942804.17bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32952804.17bc: supR3HardenedDllNotificationCallback: load 00007ffe0b270000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
32962804.17bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32972804.17bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b270000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
32982804.17bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe18640000 'C:\WINDOWS\system32\User32.dll'
32992804.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33002804.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33012804.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
33022804.2818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33032804.2818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
33042804.2818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
33052804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33062804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33072804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
33082804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
33092804.2818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
33102804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33112804.2818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33122804.2818: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33132804.2818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
33142804.2818: supR3HardenedDllNotificationCallback: load 00007ffe0ae70000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
33152804.2818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
33162804.2818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0ae70000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
33172804.2fd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33182804.2fd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33192804.2fd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
33202804.2fd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33212804.2fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
33222804.2fd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33232804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33242804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33252804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
33262804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
33272804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33282804.2fd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33292804.2fd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
33302804.2fd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33312804.2fd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33322804.2fd0: supR3HardenedDllNotificationCallback: load 00007ffe07430000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
33332804.2fd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33342804.2fd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe07430000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
33352804.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33362804.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33372804.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
33382804.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33392804.1e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
33402804.1e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33412804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33422804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33432804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
33442804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
33452804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33462804.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33472804.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
33482804.1e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33492804.1e6c: supR3HardenedDllNotificationCallback: load 00007ffe07050000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
33502804.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33512804.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe07050000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
33522804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe19ca0000 'C:\WINDOWS\system32\Shell32.dll'
33532804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33542804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33552804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33562804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33572804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
33582804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33592804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
33602804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
33612804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
33622804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
33632804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
33642804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
33652804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
33662804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
33672804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
33682804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
33692804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
33702804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33712804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
33722804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
33732804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
33742804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33752804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33762804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33772804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33782804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
33792804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
33802804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33812804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
33822804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
33832804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33842804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
33852804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
33862804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
33872804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
33882804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33892804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33902804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
33912804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
33922804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33932804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33942804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
33952804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33962804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33972804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33982804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33992804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34002804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34012804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34022804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
34032804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34042804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
34052804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
34062804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34072804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34082804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34092804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34102804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34112804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34122804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
34132804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
34142804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
34152804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
34162804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
34172804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
34182804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34192804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34202804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
34212804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
34222804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
34232804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34242804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34252804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34262804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34272804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34282804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34292804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
34302804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34312804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34322804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34332804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34342804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34352804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34362804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34372804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
34382804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
34392804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34402804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
34412804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe194c0000 LB 0x0043b000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
34422804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
34432804.bc0: supR3HardenedDllNotificationCallback: load 00007ffdf20a0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
34442804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
34452804.bc0: supR3HardenedDllNotificationCallback: load 00007ffdf5190000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
34462804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34472804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe16c00000 LB 0x00037000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
34482804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
34492804.bc0: supR3HardenedDllNotificationCallback: load 00007ffdd1410000 LB 0x009b2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
34502804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
34512804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd1410000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
34522804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34532804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
34542804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34552804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd2a20000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
34562804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34572804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
34582804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34592804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdf5190000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
34602804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34612804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34622804.1264: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
34632804.1264: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
34642804.1264: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
34652804.1264: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
34662804.1264: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
34672804.1264: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
34682804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
34692804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
34702804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
34712804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
34722804.1264: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
34732804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
34742804.1264: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
34752804.1264: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34762804.1264: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
34772804.1264: supR3HardenedDllNotificationCallback: load 00007ffe00d90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
34782804.1264: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
34792804.1264: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe00d90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
34802804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
34812804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34822804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16c00000 'C:\WINDOWS\system32\Iphlpapi.dll'
34832804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34842804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
34852804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
34862804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
34872804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe19960000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
34882804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
34892804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
34902804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0fb90000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
34912804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
34922804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34932804.bc0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
34942804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
34952804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0fb70000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
34962804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
34972804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
34982804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
34992804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
35002804.bc0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
35012804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
35022804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0fb50000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
35032804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
35042804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f70 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
35052804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
35062804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
35072804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD77C0B8420B1E0725E0BAACB8F1F2821C7C9053
35082804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
35092804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
35102804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
35112804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
35122804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
35132804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
35142804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35152804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35162804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35172804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35182804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
35192804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
35202804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
35212804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35222804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35232804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35242804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35252804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
35262804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35272804.bc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
35282804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f64 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
35292804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
35302804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
35312804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0462C999B5398941A444B13399F1AFCF2D9BD7ED
35322804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35332804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35342804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
35352804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35362804.bc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
35372804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35382804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35392804.bc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
35402804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35412804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35422804.bc0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
35432804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
35442804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
35452804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
35462804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BAF92974128C211D90A77B3D2A8F3BAD364910A5
35472804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35482804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35492804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
35502804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35512804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35522804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
35532804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
35542804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
35552804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
35562804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
35572804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
35582804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35592804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35602804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35612804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35622804.bc0: supR3HardenedDllNotificationCallback: load 00007ffdec290000 LB 0x0008c000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
35632804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35642804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35652804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
35662804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec290000 'C:\WINDOWS\System32\dsound.dll'
35672804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec290000 'C:\WINDOWS\System32\dsound.dll'
35682804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
35692804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
35702804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec290000 'C:\WINDOWS\system32\dsound.dll'
35712804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35722804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35732804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35742804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
35752804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
35762804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
35772804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
35782804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
35792804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
35802804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
35812804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35822804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35832804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35842804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
35852804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
35862804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
35872804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
35882804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
35892804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
35902804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35912804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35922804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35932804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35942804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35952804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35962804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
35972804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
35982804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
35992804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
36002804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
36012804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36022804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36032804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
36042804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36052804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36062804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
36072804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
36082804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
36092804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
36102804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
36112804.bc0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
36122804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36132804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36142804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
36152804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
36162804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe16000000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
36172804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
36182804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe145d0000 LB 0x00196000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
36192804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
36202804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0de00000 LB 0x00067000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
36212804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36222804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0de00000 'C:\WINDOWS\System32\MMDevApi.dll'
36232804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36242804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
36252804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0de00000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
36262804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
36272804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
36282804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
36292804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001008 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36302804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
36312804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
36322804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70FC7883505DC83E14C72C8984C7562A04A6C6F0
36332804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
36342804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
36352804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1729_for_KB4040724~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
36362804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36372804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36382804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
36392804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'ksuser.dll'.
36402804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'avrt.dll'.
36412804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
36422804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36432804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
36442804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
36452804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
36462804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
36472804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
36482804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
36492804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
36502804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
36512804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
36522804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
36532804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36542804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
36552804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36562804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36572804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
36582804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
36592804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36602804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36612804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36622804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36632804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36642804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36652804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36662804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36672804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe14470000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
36682804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
36692804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe12f20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
36702804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36712804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0b490000 LB 0x00041000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
36722804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36732804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
36742804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36752804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36762804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
36772804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36782804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36792804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
36802804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36812804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36822804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
36832804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
36842804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
36852804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
36862804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
36872804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
36882804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
36892804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
36902804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
36912804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'mmdevapi.dll'.
36922804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'avrt.dll'.
36932804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
36942804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
36952804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
36962804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
36972804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
36982804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
36992804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
37002804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
37012804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
37022804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
37032804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
37042804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
37052804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
37062804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
37072804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
37082804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37092804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
37102804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0cf80000 LB 0x00105000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
37112804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
37122804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0cf80000 'C:\WINDOWS\System32\AUDIOSES.DLL'
37132804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
37142804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37152804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
37162804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
37172804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37182804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
37192804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b490000 'C:\WINDOWS\System32\wdmaud.drv'
37202804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc8 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
37212804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
37222804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
37232804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=244FFD3779BB26E481FDDE1BCB7D66CB70669BE2
37242804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
37252804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
37262804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
37272804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37282804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37292804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
37302804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
37312804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
37322804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
37332804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37342804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
37352804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
37362804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
37372804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
37382804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
37392804.bc0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
37402804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
37412804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
37422804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
37432804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
37442804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37452804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
37462804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
37472804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
37482804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
37492804.bc0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
37502804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37512804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37522804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37532804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37542804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37552804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37562804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
37572804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0f6a0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
37582804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
37592804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0f6c0000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
37602804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37612804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37622804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37632804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37642804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37652804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37662804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37672804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37682804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37692804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37702804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37712804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37722804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37732804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37742804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37752804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37762804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37772804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
37782804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
37792804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37802804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37812804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37822804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f6c0000 'C:\WINDOWS\System32\msacm32.drv'
37832804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
37842804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000d45060
37852804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000d45060
37862804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B59112F98815E2A8A155F681ED15AB1991951589
37872804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe16a80000 'C:\WINDOWS\system32\rsaenh.dll'
37882804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe181d0000 'C:\WINDOWS\System32\crypt32.dll'
37892804.bc0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-multimedia~31bf3856ad364e35~amd64~~10.0.15063.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
37902804.bc0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37912804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37922804.bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
37932804.bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
37942804.bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
37952804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
37962804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
37972804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37982804.bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37992804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
38002804.bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
38012804.bc0: supR3HardenedDllNotificationCallback: load 00007ffe0b480000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
38022804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
38032804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b480000 'C:\WINDOWS\System32\midimap.dll'
38042804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
38052804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
38062804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b480000 'C:\WINDOWS\System32\midimap.dll'
38072804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
38082804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
38092804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b480000 'C:\WINDOWS\System32\midimap.dll'
38102804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
38112804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
38122804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0b480000 'C:\WINDOWS\System32\midimap.dll'
38132804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38142804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38152804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38162804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38172804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38182804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38192804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
38202804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38212804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec290000 'C:\WINDOWS\system32\dsound.dll'
38222804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
38232804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38242804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38252804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38262804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'
38272804.bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
38282804.bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38292804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdec290000 'C:\WINDOWS\system32\dsound.dll'
38302804.bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe15750000 'C:\WINDOWS\System32\winmm.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy